CVE-2026-5027 Langflow - Path Traversal Arbitrary File Write via upload_user_file

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences '../'...

Unspecified Vulnerability in AnythingLLM

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM suffers from a security vulnerability that stems from a suspended user not being blocked on the browser extension API key path in multi-user mode, which can be exploited by an attacker to cause the suspended user to...

AnythingLLM 安全漏洞

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM suffers from a security vulnerability that stems from a suspended user not being blocked on the browser extension API key path in multi-user mode, which can be exploited by an attacker to cause the suspended user to...

Fortinet FortiClientEMS 安全漏洞

Fortinet FortiClientEMS is part of Fortinet's Endpoint Management solution from Fortinet, Inc. and is designed to help organizations effectively manage endpoint devices in their networks and provide monitoring and control of endpoint security. A security vulnerability exists in Fortinet...

CVE-2022-28863

An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value...

Infoblox NIOS 安全漏洞

Infoblox NIOS is an operating system that powers Infoblox core network services. It ensures uninterrupted operation of the network infrastructure. A security vulnerability exists in Infoblox NIOS versions prior to 8.5.2, which stems from a program that allows entity expansion during an XML upload...