CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

362 matches found

Positive Technologies•added 2026/05/16 12:0 a.m.•8 views

PT-2026-41448

Name of the Vulnerable Software and Affected Versions MyBB Timeline Plugin version 1.0 Description Cross-site scripting issues allow the injection of malicious scripts via thread titles, post content, and user profile fields such as Location and Bio. Additionally, a cross-site request forgery fla...

6.9CVSS5.8AI score0.00038EPSS

Exploits0References5

EUVD•added 2026/04/12 3:30 p.m.•1 views

EUVD-2019-20141

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

9.8CVSS5.8AI score0.00564EPSS

Exploits1References5

NVD•added 2026/04/12 1:16 p.m.•1 views

CVE-2019-25709

9.8CVSS0.00564EPSS

Exploits1References4

ATTACKERKB•added 2026/04/12 12:28 p.m.•2 views

CVE-2019-25709

9.8CVSS5.8AI score0.00564EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/04/12 12:28 p.m.•18 views

CVE-2019-25709 CF Image Hosting Script 1.6.5 Unauthorized Database Access

9.8CVSS0.00564EPSS

Exploits1References4

CVE•added 2026/04/12 12:28 p.m.•5 views

CVE-2019-25709

CF Image Hosting Script 1.6.5 is vulnerable to unauthenticated access that lets an attacker download and decode the application database (imgdb.db in upload/data). The deserialized database stores delete IDs in plaintext, enabling an attacker to delete all pictures by manipulating the d parameter...

9.8CVSS5.8AI score0.00564EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/04/12 12:0 a.m.•1 views

PT-2026-32171

9.8CVSS5.8AI score0.00564EPSS

Exploits1References6

OSV•added 2026/03/24 2:16 p.m.•2 views

PYSEC-2026-81

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

7.5CVSS5.8AI score0.00042EPSS

Exploits1References1

NVD•added 2026/03/24 2:16 p.m.•1 views

CVE-2026-33497

8.7CVSS0.00042EPSS

Exploits1References1

PyPA•added 2026/03/24 2:16 p.m.•6 views

PYSEC-2026-81

8.7CVSS5.8AI score0.00042EPSS

Exploits1References1Affected Software1

OSV•added 2026/03/24 1:14 p.m.•0 views

CVE-2026-33497 Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

8.7CVSS5.8AI score0.00042EPSS

Exploits1References3

Vulnrichment•added 2026/03/24 1:14 p.m.•2 views

CVE-2026-33497 Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

8.7CVSS5.8AI score0.00042EPSS

Exploits1References1

CVE•added 2026/03/24 1:14 p.m.•5 views

CVE-2026-33497

Langflow contains a directory-traversal vulnerability in the /profile_pictures/{folder_name}/{file_name} endpoint (download_profile_picture) where folder_name and file_name are not strictly filtered. This allows an attacker to read files outside the intended directory, including the application’s...

8.7CVSS5.8AI score0.00042EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/03/24 1:14 p.m.•14 views

CVE-2026-33497 Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

8.7CVSS0.00042EPSS

Exploits1References1

ATTACKERKB•added 2026/03/24 1:14 p.m.•1 views

CVE-2026-33497

8.7CVSS5.8AI score0.00042EPSS

Exploits1References2Affected Software1

CNNVD•added 2026/03/24 12:0 a.m.•2 views

Langflow 路径遍历漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow prior to 1.7.1 contained a path traversal vulnerability. This vulnerability stemmed from the lack of strict parameter filtering for the...

8.7CVSS5.8AI score0.00042EPSS

Exploits1References1

Github Security Blog•added 2026/03/20 8:56 p.m.•4 views

langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

Vulnerability Path Traversal in GET /api/v1/files/profilepictures/foldername/filename The downloadprofilepicture function in src/backend/base/langflow/api/v1/files.py constructed file paths by directly concatenating the user-supplied foldername and filename path parameters without sanitization or...

8.7CVSS6AI score0.00042EPSS

Exploits1References3Affected Software1

Snyk•added 2026/03/20 8:56 p.m.•1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the downloadprofilepicture function in the /profilepictures/foldername/filename endpoint, where the foldername and filename parameters are not properly filtered. An attacker can access sensitive files outside the...

9.3CVSS6.5AI score0.00042EPSS

Exploits1References2

OSV•added 2026/03/20 8:56 p.m.•2 views

GHSA-PH9W-R52H-28P7 langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

8.7CVSS6AI score0.00042EPSS

Exploits1References3

Positive Technologies•added 2026/03/20 12:0 a.m.•2 views

PT-2026-26781

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.7.1 Description Langflow is a tool for building and deploying AI-powered agents and workflows. In the download profile picture function of the /profile pictures/folder name/file name API endpoint, the folder name a...

8.7CVSS5.8AI score0.00042EPSS

Exploits1References9

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by