Exploit for Code Injection in Langflow

Langflow RCE Exploit CVE-2025-3248 !Python Versionhttps:...

CVE-2023-6211

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox 120...

CVE-2019-9843

In DiffPlug Spotless before 1.20.0 library and Maven plugin and before 3.20.0 Gradle plugin, the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a...

PT-2017-13466 · D Link · D-Link Dir-850L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1 D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue concerns the use of a hardcoded private key in the /etc/stunnel.key file across different installations,...

Design/Logic Flaw

Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdoma...

Session fixation

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session...

CVE-2002-2405

Check Point FireWall-1 4.1 and Next Generation NG, with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall...