31 matches found
CVE-2026-6542
IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flowid to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow...
CVE-2026-6542 Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id
IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flowid to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow...
EUVD-2026-26447
IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flowid to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow...
Security Bulletin: Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id
Summary Langflow OSS is affected by an insecure direct object reference vulnerability in its Monitor API due to missing authorization checks. Although these endpoints require authentication, they fail to verify ownership of the provided flowid, allowing any authenticated user to access or...
PT-2026-29362
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...
CVE-2026-26063
CediPay (crypto-to-fiat app) prior to version 1.2.3 is affected by a vulnerability that allows bypassing input validation in the transaction API. Root cause: improper input validation in the API path. Impact stated across sources includes unauthorized transactions and potential exposure of financ...
CVE-2020-12023
Philips IntelliBridge Enterprise IBE, Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns VS4, EarlyVue VS30 and IntelliVue Guardian IGS. Unencrypted user credentials received in the IntelliBridge Enterprise IBE are logged within the transaction logs, which are...
EUVD-2020-4339
Malware in sbrugna...
ETrace:Event-Driven Vulnerability Detection in Smart Contracts Via LLM-Based Trace Analysis
With the advance application of blockchain technology in various fields, ensuring the security and stability of smart contracts has emerged as a critical challenge. Current security analysis methodologies in vulnerability detection can be categorized into static analysis and dynamic analysis...
CVE-2024-12329
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
CVE-2024-12329
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
PT-2024-17545 Β· WordPress Β· Essential Real Estate
Name of the Vulnerable Software and Affected Versions: Essential Real Estate plugin for WordPress versions up to and including 5.1.6 Description: The issue is related to a missing capability check on several pages and post types, allowing authenticated attackers with Contributor-level access and...
WordPress plugin Essential Real Estate δΏ‘ζ―ζ³ι²ζΌζ΄
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information...
CVE-2024-9865
The EventPrime β Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βepbookingattendeefieldsβ fields in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2020-12023
Philips IntelliBridge Enterprise IBE, Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns VS4, EarlyVue VS30 and IntelliVue Guardian IGS. Unencrypted user credentials received in the IntelliBridge Enterprise IBE are logged within the transaction logs, which are...
CVE-2020-12023
Philips IntelliBridge Enterprise IBE, Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns VS4, EarlyVue VS30 and IntelliVue Guardian IGS. Unencrypted user credentials received in the IntelliBridge Enterprise IBE are logged within the transaction logs, which are...
Code injection
Philips IntelliBridge Enterprise IBE, Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns VS4, EarlyVue VS30 and IntelliVue Guardian IGS. Unencrypted user credentials received in the IntelliBridge Enterprise IBE are logged within the transaction logs, which are...
CVE-2020-12023 Philips IntelliBridge Enterprise IBE Insertion of Sensitive Information into Log File
Philips IntelliBridge Enterprise IBE, Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns VS4, EarlyVue VS30 and IntelliVue Guardian IGS. Unencrypted user credentials received in the IntelliBridge Enterprise IBE are logged within the transaction logs, which are...
PT-2020-12991 Β· Philips Β· EarlyvueΒ +3
Name of the Vulnerable Software and Affected Versions: Philips IntelliBridge Enterprise IBE versions B.12 and prior Description: The issue concerns the logging of unencrypted user credentials within the transaction logs of the IntelliBridge Enterprise system. These logs are secured behind a...
Regipy - An OS Independent Python Library For Parsing Offline Registry Hives
Regipy is a python library for parsing offline registry hives. regipy has a lot of capabilities: Use as a library: Recurse over the registry hive, from root or a given path and get all subkeys and values Read specific subkeys and values Apply transaction logs on a registry hive Command Line Tools...