10 matches found
Django: Django: Denial of Service via crafted request with duplicate headers
A flaw was found in Django. A remote attacker can exploit this vulnerability by sending a crafted request containing multiple duplicate headers to the ASGIRequest component. This can lead to a potential Denial of Service DoS, making the affected system unavailable to legitimate users...
CVE-2025-68477
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...
CVE-2025-68477
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...
CVE-2025-68477 Langflow vulnerable to Server-Side Request Forgery
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, an...
CVE-2025-68477
Summary: CVE-2025-68477 in Langflow describes an SSRF risk introduced by the API Request component prior to version 1.7.0. The component accepts a user-supplied URL, only normalizes/validates basic format, and then issues the request via a server-side httpx client. It does not block private addre...
CVE-2024-34034
An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscription Request denial-of-service DoS attack, triggered by an assertion error. An attacker must send a high number of E42 Subscription Requests to the Near-RT RIC component...
CVE-2016-4371
HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery SSRF attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and...
CVE-2015-5149
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. dot dot in the component parameter in the Request component to workorder/Attachment.jsp...
Directory traversal
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. dot dot in the component parameter in the Request component to workorder/Attachment.jsp...
CVE-2015-5149
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. dot dot in the component parameter in the Request component to workorder/Attachment.jsp...