6 matches found

RedhatCVE
added 2026/03/26 3:0 p.m., 8 views

CVE-2026-33484

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...

7.5 CVSS, 5.8 AI score, 0.05838 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2025/02/05 6:12 p.m., 3 views

CVE-2025-24372 XSS vector in user uploaded images in group/org and user profiles in ckan

CKAN is an open-source DMS data management system for powering data hubs and data portals. Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that file was opened by an administrator, it could...

7.3 CVSS, 7.4 AI score, 0.00424 EPSS
Exploits: 0, References: 6

Cvelist
added 2025/02/05 6:12 p.m., 15 views

CVE-2025-24372 XSS vector in user uploaded images in group/org and user profiles in ckan

CKAN is an open-source DMS data management system for powering data hubs and data portals. Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that file was opened by an administrator, it could...

7.3 CVSS, 0.00424 EPSS
Exploits: 0, References: 6

OSV
added 2025/02/05 5:41 p.m., 3 views

GHSA-7PQ5-QCP6-MCWW CKAN has an XSS vector in user uploaded images in group/org and user profiles

Impact: Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that file was opened by an administrator, it could lead to escalation of privileges of the original submitter or other malicious actions...

7.3 CVSS, 7.5 AI score, 0.00424 EPSS
Exploits: 0, References: 9

Github Security Blog
added 2025/02/05 5:41 p.m., 12 views

CKAN has an XSS vector in user uploaded images in group/org and user profiles

Impact: Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that file was opened by an administrator, it could lead to escalation of privileges of the original submitter or other malicious actions...

7.3 CVSS, 7.7 AI score, 0.00424 EPSS
Exploits: 0, References: 9, Affected Software: 1

Prion
added 2019/07/26 4:15 a.m., 21 views

Code injection

In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public...

5 CVSS, 5.2 AI score, 0.07968 EPSS
Exploits: 4, References: 3, Affected Software: 1