Lucene search
+L

14 matches found

cve
cve
added 2026/06/30 7:59 p.m.17 views

CVE-2026-10129

CVE-2026-10129 affects IBM Langflow OSS 1.0.0–1.9.3. A SSRF protection bypass exists in the API Request component: with a low-privilege flow author, an attacker can enable follow_redirects and supply a public URL that redirects to internal/localhost addresses. The app validates only the initial U...

8.5CVSS5.8AI score0.00185EPSS
Exploits0References1Affected Software1
ibm
ibm
added 2026/06/23 4:9 p.m.3 views

Security Bulletin: SSRF via HTTP Redirect Following in Langflow API Request Component

Summary Langflow OSS contains SSRF vulnerability in API Request component allowing authenticated flow authors to read localhost/private HTTP services via redirect following. APIRequestComponent.makeapirequest validates only initial URL with validateandresolveurl and pins DNS for initial hostname,...

8.5CVSS5.9AI score0.00185EPSS
Exploits0Affected Software1
redhatcve
redhatcve
added 2026/06/06 12:43 p.m.17 views

CVE-2026-11346

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

5.3CVSS5.6AI score0.00226EPSS
Exploits0References1
redhat
redhat
added 2026/03/26 8:30 p.m.7 views

Django: Django: Denial of Service via crafted request with duplicate headers

A flaw was found in Django. A remote attacker can exploit this vulnerability by sending a crafted request containing multiple duplicate headers to the ASGIRequest component. This can lead to a potential Denial of Service DoS, making the affected system unavailable to legitimate users...

7.5CVSS7.1AI score0.00993EPSS
Exploits0References7
redhatcve
redhatcve
added 2025/12/20 5:12 p.m.15 views

CVE-2025-68477

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...

7.7CVSS6.6AI score0.0576EPSS
Exploits1References1
nvd
nvd
added 2025/12/19 5:15 p.m.5 views

CVE-2025-68477

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...

7.7CVSS0.0576EPSS
Exploits1References1
cve
cve
added 2025/12/19 4:43 p.m.17 views

CVE-2025-68477

Summary: CVE-2025-68477 in Langflow describes an SSRF risk introduced by the API Request component prior to version 1.7.0. The component accepts a user-supplied URL, only normalizes/validates basic format, and then issues the request via a server-side httpx client. It does not block private addre...

7.7CVSS6.3AI score0.0576EPSS
Exploits1References1Affected Software1
osv
osv
added 2025/12/19 4:43 p.m.4 views

CVE-2025-68477 Langflow vulnerable to Server-Side Request Forgery

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...

7.7CVSS6.5AI score0.0576EPSS
Exploits1References3
nvd
nvd
added 2025/02/25 3:15 p.m.8 views

CVE-2024-34034

An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscription Request denial-of-service DoS attack, triggered by an assertion error. An attacker must send a high number of E42 Subscription Requests to the Near-RT RIC component...

5.7CVSS0.0023EPSS
Exploits0References2
osv
osv
added 2016/06/19 1:59 a.m.6 views

CVE-2016-4371

HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery SSRF attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and...

8CVSS5.8AI score0.006EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2015/08/07 12:0 a.m.8 views

The vulnerability of the Apache HTTP Server web server allows attackers to trigger a service failure.

The vulnerability of the luawebsocketread function in the luarequest.c component of the Apache HTTP Server exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failure by sending a specially crafted WebSocket Ping reques...

5CVSS6.5AI score0.18812EPSS
Exploits0References6Affected Software1
nvd
nvd
added 2015/06/30 2:59 p.m.23 views

CVE-2015-5149

Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. dot dot in the component parameter in the Request component to workorder/Attachment.jsp...

5.5CVSS6.4AI score0.10434EPSS
Exploits1References4
prion
prion
added 2015/06/30 2:59 p.m.17 views

Directory traversal

Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. dot dot in the component parameter in the Request component to workorder/Attachment.jsp...

5.5CVSS6.8AI score0.10434EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2015/06/30 2:0 p.m.24 views

CVE-2015-5149

Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. dot dot in the component parameter in the Request component to workorder/Attachment.jsp...

6.4AI score0.10434EPSS
Exploits1References4
Rows per page
Query Builder