Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/30 7:59 p.m.30 views

CVE-2026-10129 SSRF via HTTP Redirect Following in Langflow API Request Component

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges flow author role can bypass SSRF protections by enabling the followredirects parameter and supplying a...

8.5CVSS0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/06 4:53 p.m.8 views

CVE-2025-61778 Akka.Remote TLS did not properly implement certificate-based authentication

Akka.NET is a .NET port of the Akka project from the Scala / Java community. In all versions of Akka.Remote from v1.2.0 to v1.5.51, TLS could be enabled via our akka.remote.dot-netty.tcp transport and this would correctly enforce private key validation on the server-side of inbound connections...

9.3CVSS0.00374EPSS
Exploits0References5
OSV
OSV
added 2024/09/27 11:9 a.m.3 views

OESA-2024-2198 python-Flask-Cors security update

A Flask extension for handling Cross Origin Resource Sharing CORS, making cross-origin AJAX possible. Security Fixes: A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option...

7.5CVSS6.8AI score0.00677EPSS
Exploits1References2
OSV
OSV
added 2024/08/18 7:15 p.m.2 views

DEBIAN-CVE-2024-6221

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches,...

7.5CVSS6.7AI score0.00677EPSS
Exploits1References1
OSV
OSV
added 2024/08/18 7:15 p.m.15 views

UBUNTU-CVE-2024-6221

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches,...

7.5CVSS6.9AI score0.00677EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/08/18 12:0 a.m.5 views

Flask-CORS 安全漏洞

Flask-CORS is a cross-origin resource sharing component for Flask by the individual developer Cory Dolphin. A security vulnerability exists in Flask-CORS version 4.0.1 that stems from allowing Access-Control-Allow-Private-Network to set the CORS header to true by default without any configuration...

7.5CVSS6.6AI score0.00677EPSS
Exploits1References4
Rows per page
Query Builder