Lucene search
K

9 matches found

OSV
OSV
added 2026/04/01 12:1 a.m.2 views

GHSA-QXGF-HMCJ-3XW3 OpenClaw affected by SSRF via unguarded image download in fal provider

Summary The fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path. Impact A malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses throug...

2.3CVSS5.9AI score0.00227EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/31 2:10 p.m.2 views

CVE-2026-34504 OpenClaw < 2026.3.28 - Server-Side Request Forgery via Unguarded Image Download in fal Provider

OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service...

8.3CVSS5.9AI score0.00227EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/24 12:57 p.m.6 views

CVE-2026-33484 Langflow has Unauthenticated IDOR on Image Downloads

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...

7.5CVSS5.8AI score0.05838EPSS
Exploits1References1
OSV
OSV
added 2026/03/24 12:57 p.m.7 views

CVE-2026-33484 Langflow has Unauthenticated IDOR on Image Downloads

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...

7.5CVSS5.9AI score0.05838EPSS
Exploits1References3
CVE
CVE
added 2026/03/24 12:57 p.m.30 views

CVE-2026-33484

Langflow exposes an unauthenticated IDOR on image downloads via /api/v1/files/images/{flow_id}/{file_name} in versions 1.0.0–1.8.1. An attacker who can discover or guess a flow_id can download any user’s uploaded images without credentials in multi-tenant deployments. A patch is available in vers...

7.5CVSS5.8AI score0.05838EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/20 8:47 p.m.12 views

langflow has Unauthenticated IDOR on Image Downloads

Summary The /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns the image with HTTP 200. Details src/backend/base/langflow/api/v1/files.py:138-164 — downloadimage takes...

7.5CVSS5.8AI score0.05838EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/11/04 3:31 p.m.10 views

GHSA-4VCX-3PJ3-44M7 Dosage vulnerable to a Directory Traversal through crafted HTTP responses

Impact When downloadinging comic images, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc.. While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type heade...

8.8CVSS7.1AI score0.00443EPSS
Exploits0References4
Snyk
Snyk
added 2025/06/25 9:57 p.m.3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the machine init process. An attacker can intercept or manipulate data in transit by performing a man-in-the-middle attack during the download of VM images from an OCI registry. Workaround This...

8.3CVSS6.6AI score0.00397EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/25 9:57 p.m.3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the machine init process. An attacker can intercept or manipulate data in transit by performing a man-in-the-middle attack during the download of VM images from an OCI registry. Workaround This...

8.3CVSS6.6AI score0.00397EPSS
Exploits0References2
Rows per page
Query Builder