19531 matches found
UBUNTU-CVE-2025-61025
An issue in the sslrqstget component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
UBUNTU-CVE-2025-61019
An issue in the sqlokeypartbest component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
Security Bulletin: DNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL Component
Summary Langflow OSS contains DNS rebinding TOCTOU vulnerability bypassing SSRF protection. URL component validates URLs with validateurlforssrf but fetches via RecursiveUrlLoader performing independent DNS resolution, creating exploitable TOCTOU window. Maintainers fixed identical issue in...
EUVD-2026-38476
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...
CVE-2026-54314
n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public...
EUVD-2026-38459
n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...
Vulnerability Reports Are Not Special Anymore
A requirement for staying sane while working in public as an open source maintainer is realizing that every issue, PR, and piece of feedback is a present, not an obligation. You can accept it, ignore it, and use it partially or not at all. Except… For years, as lead of the Go Security team at the...
CVE-2025-61018
An issue in the sqloplacedtset component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2025-61023
An issue in the stcompare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2025-61029
CVE-2025-61029 describes a DoS in the sqlo_untry component of openlink virtuoso-opensource (v7.2.11). The issue arises from handling crafted SQL statements in that component, enabling an attacker to disrupt service. Connected sources confirm the affected product/version and impact (Denial of Serv...
CVE-2025-61023
The CVE-2025-61023 entry concerns openlink virtuoso-opensource, specifically the st_compare component in version 7.2.11. Multiple connected sources confirm that a flaw in st_compare can be exploited by sending crafted SQL statements, resulting in a Denial of Service (DoS) that can render the serv...
CVE-2025-61021
The CVE-2025-61021 entry concerns openlink virtuoso-opensource v7.2.11, specifically the sqlo_natural_join_cond component. The issue enables Denial of Service via crafted SQL statements. Public details across connected documents confirm the affected product/version and the root cause (sqlo_natura...
PT-2026-51540
Name of the Vulnerable Software and Affected Versions openlink virtuoso-opensource version 7.2.11 Description A flaw in the sqlo natural join cond component allows attackers to trigger a Denial of Service DoS by using specially crafted SQL statements. Recommendations At the moment, there is no...
CVE-2025-61019
An issue in the sqlokeypartbest component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2025-61019
An issue in the sqlokeypartbest component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2025-61021
An issue in the sqlonaturaljoincond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2025-61022
The vulnerability CVE-2025-61022 affects OpenLink Virtuoso Open-Source (v7.2.11) in the sqlo_tb_col_preds component. It allows an attacker to cause a Denial of Service via crafted SQL statements. Public references in the connected documents confirm the DoS impact, but there are no details about e...
CVE-2025-61025
CVE-2025-61025 affects openlink virtuoso-opensource 7.2.11, specifically the sslr_qst_get component. The issue allows a Denial of Service via crafted SQL statements. The CVSSv3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H with a base score of 7.5 (HIGH). Connected sources identify the...
CVE-2025-61019
The data shows a vulnerability in virtuoso-opensource (openlink) version 7.2.11 affecting the sqlo_key_part_best component. The issue allows an attacker to trigger a Denial of Service (DoS) via crafted SQL statements, with the root cause located in sqlo_key_part_best. The CVE entry is consistentl...
CVE-2025-61018
CVE-2025-61018 affects OpenLink Virtuoso Open-Source v7.2.11, specifically the sqlo_place_dt_set component. The issue allows attackers to cause a Denial of Service via crafted SQL statements. The connected documents confirm the affected product/version and the DoS impact, but do not provide explo...