35125 matches found

NVD
added yesterday, 4 views

CVE-2026-7871

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8 CVSS
Exploits: 0, References: 1

EUVD
added yesterday, 4 views

EUVD-2026-40404

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally...

10 CVSS, 5.8 AI score
Exploits: 0, References: 1

Cvelist
added yesterday, 12 views

CVE-2026-10134 Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally...

10 CVSS
Exploits: 0, References: 1

CVE
added yesterday, 10 views

CVE-2026-10134

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally...

10 CVSS, 5.8 AI score
Exploits: 0, References: 1

EUVD
added yesterday, 4 views

EUVD-2026-40382

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8 CVSS, 6.1 AI score
Exploits: 0, References: 1

Cvelist
added yesterday, 14 views

CVE-2026-58370 Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name

Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is populated from the git commit author name commit.author.name carried in the webhook payload, which is attacker-controlled and not verified by GitLab. A us...

9.2 CVSS
Exploits: 0, References: 4

Nuclei
added 2 days ago, 29 views

Pre-Auth Takeover of Build Pipelines in GoCD

GoCD contains a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information including build secrets and encryption keys. id: CVE-2021-43287 info: name: Pre-Auth Takeover of Build Pipelines in GoCD author: dhiyaneshDk severity...

7.5 CVSS, 7.2 AI score, 0.26907 EPSS
Exploits: 2, References: 5

Nuclei
added 3 days ago, 26 views

Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation

A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8 CVSS, 7.2 AI score, 0.31809 EPSS
Exploits: 8, References: 3

Nuclei
added 3 days ago, 29 views

Kubernetes Dashboard <1.10.1 - Authentication Bypass

Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. id: CVE-2018-18264 info: name: Kubernetes Dashboard 1.10.1 - Authentication Bypass author: edoardottt severity: high description: | Kubernetes...

7.5 CVSS, 7.1 AI score, 0.70372 EPSS
Exploits: 1, References: 5

Tenable Nessus
added 3 days ago, 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-11625

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the...

7.5 CVSS, 5.8 AI score, 0.00309 EPSS
Exploits: 0, References: 3

EUVD
added 5 days ago, 6 views

EUVD-2026-39498

pnpm: Repository config can expand victim environment secrets into registry requests before scripts run...

6.5 CVSS, 5.8 AI score, 0.00212 EPSS
Exploits: 1, References: 2

NVD
added 5 days ago, 7 views

CVE-2026-55069

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...

8.7 CVSS, 0.00153 EPSS
Exploits: 0, References: 1

Cvelist
added 5 days ago, 23 views

CVE-2026-55069 Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...

8.7 CVSS, 0.00153 EPSS
Exploits: 0, References: 1

Chainguard
added 5 days ago, 4 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-rds, kueue-fips, crossplane-provider-aws-secretsmanager, crossplane-provider-aws-s3-fips, agentbeat-fips, crossplane-provider-azure-storagesync, crossplane-provider-aws-dynamodb, crossplane-provider-aws-route53resolver,...

5.8 AI score
Exploits: 0

Chainguard
added 5 days ago, 5 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-rds, kueue-fips, crossplane-provider-aws-secretsmanager, crossplane-provider-aws-s3-fips, agentbeat-fips, crossplane-provider-azure-storagesync, crossplane-provider-aws-dynamodb, crossplane-provider-aws-route53resolver,...

5.8 AI score
Exploits: 0

Chainguard
added 5 days ago, 4 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: kine, zot, istio, tekton-pipelines, gitlab-kas, argo-workflows-fips, frankenphp-8.5, trivy-operator, rancher-agent, trivy-fips, seaweedfs-rocksdb, kyverno-fips, seaweedfs-rocksdb-fips, zarf, frankenphp-8.4, containerd, skaffold-fips, coder, backup-restore-operator,...

5.8 AI score
Exploits: 0

Wolfi
added 5 days ago, 6 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: gomplate, chisel, k8sgpt, argo-events, k9s, mods, guac, nerdctl, podman, cilium-cli, falcoctl, osv-scanner, act, crossplane-provider-azure-storage, eksctl, docker-cli-buildx, pulumi-kubernetes-operator, cloud-provider-aws, kubescape, flux-source-controller,...

5.8 AI score
Exploits: 0

Wolfi
added 5 days ago, 5 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: gomplate, chisel, k8sgpt, argo-events, k9s, sealed-secrets, mods, guac, crossplane-provider-aws-firehose, nerdctl, podman, cilium-cli, falcoctl, osv-scanner, act, crossplane-provider-azure-storage, eksctl, docker-cli-buildx, pulumi-kubernetes-operator,...

5.8 AI score
Exploits: 0

Wolfi
added 5 days ago, 5 views

GHSA-F5WC-C3C7-36MC vulnerabilities

Vulnerabilities for packages: gomplate, k9s, argo-events, guac, nerdctl, podman, cilium-cli, osv-scanner, act, docker-cli-buildx, pulumi-kubernetes-operator, cloud-provider-aws, kubescape, flux-source-controller, prometheus-operator, external-secrets-operator, scorecard, kubernetes,...

5.8 AI score
Exploits: 0

NVD
added 5 days ago, 7 views

CVE-2026-11702

Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess...

7.5 CVSS, 0.00292 EPSS
Exploits: 0, References: 4