Lucene search
K

6 matches found

OSV
OSV
added 2026/06/19 9:18 p.m.10 views

GHSA-CCV6-R384-XP75 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Summary All components based on BaseFileComponent are vulnerable to the following vulnerability: 1. Docling DoclingInlineComponent 2. Docling Serve DoclingRemoteComponent 3. Read File FileComponent 4. NVIDIA Retriever Extraction NvidiaIngestComponent 5. Video File VideoFileComponent 6. Unstructur...

9.6CVSS6.3AI score0.00411EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.13 views

CVE-2026-44788

SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...

6.5CVSS5.6AI score0.00313EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.10 views

PT-2026-42620

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...

9.6CVSS6.4AI score
Exploits0References4
Amazon
Amazon
added 2026/04/14 12:0 a.m.12 views

Medium: rust

Issue Overview: A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the malicious data being able to corrupt data being hold in memory and to system availabilit...

8.1CVSS5.9AI score0.00688EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.3-6.el7, rh-nodejs14-nodejs-14.18.2-1.el7 (AXSA:2022-2921:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2921:01 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ansi-regex: Regular expression denial of service ReDoS matching ANSI esca...

9.8CVSS8AI score0.03563EPSS
Exploits4References7
NVD
NVD
added 2002/10/28 5:0 a.m.30 views

CVE-2002-1216

GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check...

5CVSS6.5AI score0.01571EPSS
Exploits0References5
Rows per page
Query Builder