Lucene search
K

8 matches found

NVD
NVD
added 2026/06/30 8:17 p.m.5 views

CVE-2026-10546

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF vulnerability in the URL component src/lfx/src/lfx/components/datasource/url.py due to a Time-of-Check/Time-of-Use TOCTOU race condition that can be exploited via DNS rebinding...

7.1CVSS0.00146EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:54 p.m.11 views

CVE-2026-10546

CVE-2026-10546 affects IBM Langflow OSS versions 1.0.0–1.9.3. A Server-Side Request Forgery (SSRF) in the URL component (src/lfx/src/lfx/components/data_source/url.py) arises from a TOCTOU race condition that can be exploited via DNS rebinding. The vulnerability stems from validating URLs in vali...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/30 7:54 p.m.8 views

EUVD-2026-40402

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF vulnerability in the URL component src/lfx/src/lfx/components/datasource/url.py due to a Time-of-Check/Time-of-Use TOCTOU race condition that can be exploited via DNS rebinding...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:54 p.m.41 views

CVE-2026-10546 DNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL Component

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF vulnerability in the URL component src/lfx/src/lfx/components/datasource/url.py due to a Time-of-Check/Time-of-Use TOCTOU race condition that can be exploited via DNS rebinding...

7.1CVSS0.00146EPSS
Exploits0References1
CVE
CVE
added 2026/04/30 9:4 p.m.16 views

CVE-2026-3340

CVE-2026-3340 is a Server-Side Request Forgery (SSRF) in the IBM Langflow Desktop URL data source component affecting versions 1.0.0–1.8.4 . An authenticated attacker can cause the Langflow server to make arbitrary requests to internal or restricted network resources, potentially enabling network...

6.5CVSS5.2AI score0.00167EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/06/23 12:0 a.m.12 views

CVE-2023-48978

An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component...

0.00903EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/12/31 12:0 a.m.3 views

Ariadne Component Library 代码问题漏洞

Ariadne Component Library is a set of url, http and xss components for Ariadne CMS open source. A code issue vulnerability exists in Ariadne Component Library version 2.x and prior versions. An attacker could exploit this vulnerability to perform server-side request forgery attacks...

9.8CVSS6.6AI score0.00662EPSS
Exploits0References5
Prion
Prion
added 2009/06/02 6:30 p.m.17 views

Stack overflow

Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via an itms: URL with a long URL component after a colon...

9.3CVSS8.2AI score0.28815EPSS
Exploits21References14Affected Software1
Rows per page
Query Builder