Lucene search
K

1067 matches found

CNNVD
CNNVD
added 2026/03/27 12:0 a.m.11 views

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a security vulnerability where authentication and authorization checks are missing for endpoints/api/v1/files/images/flowid/filename. This vulnerability allows...

6.3CVSS5.9AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 7:17 p.m.12 views

CVE-2026-33152

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...

9.1CVSS0.00513EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/26 7:7 p.m.25 views

CVE-2026-33152 Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...

9.1CVSS0.00513EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:7 p.m.3 views

CVE-2026-33152

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...

9.1CVSS5.8AI score0.00513EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/26 7:7 p.m.11 views

EUVD-2026-16315

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...

9.1CVSS5.8AI score0.00513EPSS
Exploits1References2
CVE
CVE
added 2026/03/26 7:7 p.m.30 views

CVE-2026-33152

Summary: Tandoor Recipes before 2.6.0 configures Django REST Framework with BasicAuthentication as a default, while rate limiting (ACCOUNT_RATE_LIMITS: login: 5/m/ip) applies only to the HTML login endpoint at /accounts/login/. This means any API endpoint that accepts authenticated requests can b...

9.1CVSS5.8AI score0.00513EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.3 views

CVE-2026-32867

OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage...

5.4CVSS5.9AI score0.00193EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 1:0 p.m.21 views

CVE-2025-55269 HCL Aftermarket DPC is affected by Weak Password Policy vulnerability

HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts...

4.2CVSS0.00242EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/24 12:57 p.m.6 views

CVE-2026-33484 Langflow has Unauthenticated IDOR on Image Downloads

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...

7.5CVSS5.8AI score0.05838EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/20 5:38 p.m.8 views

CVE-2026-33129

A flaw was found in H3, a minimal HTTP framework. A remote attacker can exploit a Timing Side-Channel vulnerability in the requireBasicAuth function. This vulnerability arises from the use of an unsafe string comparison, allowing the attacker to deduce valid passwords character-by-character by...

5.9CVSS5.6AI score0.00319EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/20 9:41 a.m.5 views

CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils

H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...

5.9CVSS5.8AI score0.00319EPSS
Exploits1References3
OSV
OSV
added 2026/03/20 9:41 a.m.5 views

CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils

H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...

5.9CVSS5.8AI score0.00319EPSS
Exploits1References5
NVD
NVD
added 2026/03/19 4:16 p.m.6 views

CVE-2026-32867

OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage...

9.8CVSS0.00193EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.4 views

PT-2026-26309

OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage...

5.4CVSS5.9AI score0.00193EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/17 6:30 p.m.7 views

EUVD-2026-12608

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

9.3CVSS5.8AI score0.00488EPSS
Exploits0References5
NVD
NVD
added 2026/03/17 6:16 p.m.7 views

CVE-2026-32295

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

9.3CVSS0.00488EPSS
Exploits0References4
OSV
OSV
added 2026/03/17 6:16 p.m.5 views

CVE-2026-32295

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

9.3CVSS6.1AI score0.00488EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/17 5:19 p.m.2 views

CVE-2026-32295 JetKVM insufficient login rate limiting

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

9.3CVSS5.8AI score0.00488EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/17 5:19 p.m.26 views

CVE-2026-32295 JetKVM insufficient login rate limiting

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

9.3CVSS0.00488EPSS
Exploits0References4
CVE
CVE
added 2026/03/17 5:19 p.m.31 views

CVE-2026-32295

CVE-2026-32295 affects JetKVM prior to version 0.5.4, where there is no rate limiting on login attempts. This enables brute-force attempts to guess credentials, exposing potential unauthorized access. The vulnerability is mitigated by upgrading to version 0.5.4 (fix referenced in multiple sources...

9.3CVSS5.8AI score0.00488EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder