Lucene search
K

5 matches found

OSV
OSV
added 2026/03/24 1:14 p.m.4 views

CVE-2026-33497 Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS5.8AI score0.07992EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-8962

Malware in sbrugna...

5.9CVSS5.9AI score0.00312EPSS
Exploits0References4
OSV
OSV
added 2024/11/21 5:14 p.m.22 views

CVE-2024-52307 authentik allows a timing attack due to missing constant time comparison for metrics view

authentik is an open-source identity provider. Due to the usage of a non-constant time comparison for the /-/metrics/ endpoint it was possible to brute-force the SECRETKEY, which is used to authenticate the endpoint. The /-/metrics/ endpoint returns Prometheus metrics and is not intended to be...

6.3CVSS6.6AI score0.00531EPSS
Exploits0References5
Prion
Prion
added 2024/01/08 2:15 p.m.21 views

Design/Logic Flaw

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRETKEY variable. This issue has been patched in version 0.5.0b3.dev77...

5CVSS7.2AI score0.42173EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/08 1:20 p.m.3 views

CVE-2024-21644 pyLoad unauthenticated flask configuration leakage

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRETKEY variable. This issue has been patched in version 0.5.0b3.dev77...

7.5CVSS7.5AI score0.42173EPSS
Exploits1References2
Rows per page
Query Builder