6 matches found
CVE-2026-10129 SSRF via HTTP Redirect Following in Langflow API Request Component
IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges flow author role can bypass SSRF protections by enabling the followredirects parameter and supplying a...
CVE-2025-61778 Akka.Remote TLS did not properly implement certificate-based authentication
Akka.NET is a .NET port of the Akka project from the Scala / Java community. In all versions of Akka.Remote from v1.2.0 to v1.5.51, TLS could be enabled via our akka.remote.dot-netty.tcp transport and this would correctly enforce private key validation on the server-side of inbound connections...
OESA-2024-2198 python-Flask-Cors security update
A Flask extension for handling Cross Origin Resource Sharing CORS, making cross-origin AJAX possible. Security Fixes: A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option...
DEBIAN-CVE-2024-6221
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches,...
UBUNTU-CVE-2024-6221
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches,...
Flask-CORS 安全漏洞
Flask-CORS is a cross-origin resource sharing component for Flask by the individual developer Cory Dolphin. A security vulnerability exists in Flask-CORS version 4.0.1 that stems from allowing Access-Control-Allow-Private-Network to set the CORS header to true by default without any configuration...