CVE-2026-7439

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation...

CVE-2026-7439

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation...

EUVD-2026-26278

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation...

PT-2026-35970

Name of the Vulnerable Software and Affected Versions AgentFlow affected versions not specified Description The local web API fails to enforce application/json validation for non-JSON content types on the 'POST /api/runs' and 'POST /api/runs/validate' endpoints. This allows attackers to bypass...

EUVD-2020-2566

Malware in sbrugna...

EUVD-2024-54330

Malicious code in bioql PyPI...

CVE-2022-28108

Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...

CVE-2024-58130

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses...

CVE-2024-58130

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses...

CVE-2024-58130

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses...

CVE-2024-58130

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses...

CVE-2024-58130

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses...

PYSEC-2024-112

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...

Cross-site Request Forgery (CSRF)

github.com/argoproj/argo-cd is vulnerable to Cross-site Request Forgery CSRF. The vulnerability is due to a lack of strict content type validation for API requests. It accepts requests with non-JSON content types like text/plain, which allows an attacker to bypass browser CORS policies and SameSi...

CVE-2023-29105

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1, SIMATIC Cloud Connect 7 CC716 All versions V2.1. The affected device is vulnerable to a denial of service while parsing a random non-JSON MQTT payload. This could allow an attacker who can...

Selenium Server (Grid) CSRF

Selenium Server Grid before 4.0.0-alpha-7 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...

CVE-2022-28108

Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...

CVE-2022-28108

Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...

PYSEC-2022-43167

Selenium Server Grid before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...