13 matches found
Binding to an Unrestricted IP Address
Overview Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address which defaults to 0.0.0.0 when the -port argument is used or the -listen argument is used without specifying a host. An attacker can execute arbitrary code remotely by connecting to the exposed...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to missing enforcement of organization scopes in the zitadel process. An attacker can gain unauthorized access to resources or perform actions outside their permitted organization by exploiting this lack of sco...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the passkey registration process. An attacker can gain unauthorized access to user accounts by reusing expired registration codes to register their own passkey. Remediation Upgrade...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Actions V2 webhook. An attacker can access internal network resources and gather information about internal services by specifying target URLs that resolve to local hosts or internal IP addresses...
CVE-2025-57760
Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in...
CVE-2025-57760 Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation
Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in...
PT-2025-34678
Name of the Vulnerable Software and Affected Versions: Langflow affected versions not specified Description: Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with Remote Co...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the session management API due to a missing permission check. An attacker can impersonate other users and access sensitive resources by updating sessions if they know the session ID. Remediation Upgrade...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through the Session API. An attacker can authenticate on behalf of the user by repeatedly using idp intents to retrieve the id and token from the application's URI. Remediation Upgrade...
CVE-2010-4654
poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack...
ovirt-engine: Missing permissions check in web ui allows a user with basic privileges to delete disks
It was discovered that in the ovirt REST API, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges e.g. Basic Operations could exploit this flaw to delete disks attached to...
Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read Vulnerability
Exploit for linux platform in category local exploits Exploit Title: Dell EMC RecoverPoint boxmgmt CLI /etc/passwd: terminating, 34 bad configuration options Command "ssh -F /etc/passwd 127.0.0.1" exit...
DEWESoft X3 SP1 (x64) - Remote Command Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txt + ISR: Apparition Security Vendor: ============= www.dewesoft.com Product: =========== DEWESoft X3 SP1 64-bit installer - X3...