33 matches found
VulnCheck KEV: CVE-2026-21445
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...
CVE-2026-32326
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...
PT-2026-27642
Name of the Vulnerable Software and Affected Versions: SHARP routers (affected versions not specified). Description: SHARP routers lack authentication for certain web APIs, allowing retrieval of device information without proper authorization. If the administrative password remains at its default...
CVE-2026-22240
The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the...
PT-2026-2906
The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the...
EUVD-2026-1999
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies,...
CVE-2026-22788
WebErpMesv2 (Resource Management/MES Web) before version 1.19 exposes multiple sensitive API endpoints without authentication. An unauthenticated remote attacker can read business-critical data (companies, quotes, orders, tasks, whiteboards) and have limited write access to create company records...
CVE-2026-21445
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...
CVE-2025-13283
TenderDocTransfer, developed by Chunghwa Telecom, has an Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...
EUVD-2019-15089
Malware in sbrugna...
EUVD-2025-20794
Malicious code in bioql PyPI...
EUVD-2025-6077
Malicious code in bioql PyPI...
EUVD-2024-33532
Malicious code in bioql PyPI...
CVE-2025-3499
The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system...
PT-2025-28865 · Radiflow · Isap Smart Collector
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The device has two web servers that expose unauthenticated REST APIs on the management network, specifically on TCP ports 8084 and 8086. An attacker can exploit OS command injection through...
CVE-2025-27641
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-Sign On (V-2024-009)...
CVE-2025-27641
CVE-2025-27641 affects Vasion Print (formerly PrinterLogic) prior to Virtual Appliance Host 22.0.951 and Application 20.0.2368, with an underlying issue described as unauthenticated access to APIs used for Single Sign-On (V-2024-009). The CVSSv3.1 vector in the initial record indicates a network-...