1067 matches found
Langflow 安全漏洞
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a security vulnerability where authentication and authorization checks are missing for endpoints/api/v1/files/images/flowid/filename. This vulnerability allows...
CVE-2026-33152
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...
CVE-2026-33152 Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...
CVE-2026-33152
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...
EUVD-2026-16315
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...
CVE-2026-33152
Summary: Tandoor Recipes before 2.6.0 configures Django REST Framework with BasicAuthentication as a default, while rate limiting (ACCOUNT_RATE_LIMITS: login: 5/m/ip) applies only to the HTML login endpoint at /accounts/login/. This means any API endpoint that accepts authenticated requests can b...
CVE-2026-32867
OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage...
CVE-2025-55269 HCL Aftermarket DPC is affected by Weak Password Policy vulnerability
HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts...
CVE-2026-33484 Langflow has Unauthenticated IDOR on Image Downloads
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...
CVE-2026-33129
A flaw was found in H3, a minimal HTTP framework. A remote attacker can exploit a Timing Side-Channel vulnerability in the requireBasicAuth function. This vulnerability arises from the use of an unsafe string comparison, allowing the attacker to deduce valid passwords character-by-character by...
CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils
H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...
CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils
H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...
CVE-2026-32867
OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage...
PT-2026-26309
OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage...
EUVD-2026-12608
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...
CVE-2026-32295
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...
CVE-2026-32295
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...
CVE-2026-32295 JetKVM insufficient login rate limiting
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...
CVE-2026-32295 JetKVM insufficient login rate limiting
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...
CVE-2026-32295
CVE-2026-32295 affects JetKVM prior to version 0.5.4, where there is no rate limiting on login attempts. This enables brute-force attempts to guess credentials, exposing potential unauthorized access. The vulnerability is mitigated by upgrading to version 0.5.4 (fix referenced in multiple sources...