6 matches found
CVE-2026-24055 Langfuse Slack OAuth Installation Endpoint Lacks Authentication, Enabling Arbitrary Project Linking
Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/slack/install endpoint initiates Slack OAuth using a projectId provided by the client without authentication or authorization. The projectId is preserved throughout the OAuth flow,...
CVE-2026-24055
Langfuse Slack OAuth installation endpoint (/api/public/slack/install) in versions
CVE-2026-24055 Langfuse Slack OAuth Installation Endpoint Lacks Authentication, Enabling Arbitrary Project Linking
Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/slack/install endpoint initiates Slack OAuth using a projectId provided by the client without authentication or authorization. The projectId is preserved throughout the OAuth flow,...
CVE-2026-24055 Langfuse Slack OAuth Installation Endpoint Lacks Authentication, Enabling Arbitrary Project Linking
Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/slack/install endpoint initiates Slack OAuth using a projectId provided by the client without authentication or authorization. The projectId is preserved throughout the OAuth flow,...
EUVD-2023-53897
Malicious code in bioql PyPI...
SUSE CVE-2019-15619
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project...