Lucene search

37 matches found

Cvelist
added 2026/04/30 8:57 p.m. | 25 views

CVE-2026-4502 Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

CVSS 6.5 | EPSS 0.00063
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/30 8:57 p.m. | 2 views

CVE-2026-4502 Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

CVSS 6.5 | AI score 5.9 | EPSS 0.00063
Exploits: 0 | References: 1

OSV
added 2026/03/19 5:46 p.m. | 3 views

GHSA-G2J9-7RJ2-GM6C Langflow has an Arbitrary File Write (RCE) via v2 API

Summary While reviewing the recent patch for CVE-2025-68478 External Control of File Name in v1.7.1, I discovered that the root architectural issue within LocalStorageService remains unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on...

CVSS 9.9 | AI score 6 | EPSS 0.00065
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-0016

Malware in sbrugna...

CVSS 6 | AI score 6 | EPSS 0.00908
Exploits: 1 | References: 18

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-2324

Malicious code in bioql PyPI...

CVSS 4 | AI score 6.3 | EPSS 0.00804
Exploits: 0 | References: 17

OSV
added 2025/08/28 7:16 a.m. | 2 views

MAL-2025-41510 Malicious code in @twork-data-services/proxy-invest-v2-api-v1-customer-margin-attributes (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0

SUSE CVE
added 2023/02/15 5:21 a.m. | 2 views

SUSE CVE-2015-1881

OpenStack Image Registry and Delivery Service Glance 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service disk consumption by creating a large number of images using the task v2 API and then deleting them, a different...

CVSS 4 | AI score 6.4 | EPSS 0.0058
Exploits: 1 | References: 3

Github Security Blog
added 2022/05/17 3:44 a.m. | 25 views

OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file

The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...

CVSS 3.5 | AI score 6 | EPSS 0.00277
Exploits: 0 | References: 11 | Affected Software: 1

OSV
added 2022/05/17 3:44 a.m. | 21 views

GHSA-Q73F-VJC2-3GQF OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file

The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...

CVSS 7.1 | AI score 5.8 | EPSS 0.00277
Exploits: 0 | References: 11

Github Security Blog
added 2022/05/17 3:5 a.m. | 17 views

OpenStack Glance improper validation of the image_size_cap configuration option

OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service disk consumption by...

CVSS 4 | AI score 6.8 | EPSS 0.00804
Exploits: 0 | References: 12 | Affected Software: 1

OSV
added 2022/05/17 1:39 a.m. | 14 views

GHSA-VWR9-9F8V-VP5M OpenStack Glance arbitrary deletion of non-protected images

The v2 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573...

CVSS 5.5 | AI score 6.1 | EPSS 0.01403
Exploits: 0 | References: 16

Veracode
added 2019/01/15 9:7 a.m. | 22 views

Authorization Bypass

openstack-glance is vulnerable to authorization bypass. A flaw was discovered in the OpenStack Image service where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to...

CVSS 5.5 | AI score 4.8 | EPSS 0.00171
Exploits: 0 | References: 8 | Affected Software: 1

Veracode
added 2019/01/15 9:7 a.m. | 21 views

Arbitrary File Read

openstack-glance is vulnerable to arbitrary file read. A flaw was found in the OpenStack Image Service glance import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected...

CVSS 3.5 | AI score 6 | EPSS 0.00277
Exploits: 0 | References: 9 | Affected Software: 1

Veracode
added 2019/01/15 9:4 a.m. | 21 views

Arbitrary File Read

openstack-glance is vulnerable to arbitrary file read attacks. The vulnerability exists as the V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the...

CVSS 5.5 | AI score 5.9 | EPSS 0.0075
Exploits: 0 | References: 8 | Affected Software: 1

ThreatPost
added 2017/07/06 4:4 p.m. | 9 views

Let's Encrypt to Offer Wildcard Certificates in 2018

Certificate authority Let’s Encrypt said this week it will begin offering wildcard certificates in 2018. Wildcard certificates are public key certificates that can be used with multiple subdomains of a domain. The certificates are traditionally viewed as less expensive and more convenient by...

AI score 0.2
Exploits: 0 | References: 5

UbuntuCve
added 2015/08/19 3:59 p.m. | 26 views

CVE-2015-5163

The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...

CVSS 3.5 | AI score 6 | EPSS 0.00277
Exploits: 0 | References: 2

OSV
added 2015/08/19 3:59 p.m. | 7 views

PYSEC-2015-39

The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...

CVSS 3.5 | AI score 6 | EPSS 0.00277
Exploits: 0 | References: 4

Debian CVE
added 2015/02/24 3:0 p.m. | 26 views

CVE-2014-9684

OpenStack Image Registry and Delivery Service Glance 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service disk consumption by creating a large number of images using the task v2 API and then deleting them before the uploads...

CVSS 4 | AI score 6.1 | EPSS 0.0058
Exploits: 1

RedHat Linux
added 2015/02/19 9:9 p.m. | 29 views

Important: Red Hat Security Advisory: openstack-glance security update

Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0 and Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security...

CVSS 5.5 | AI score 5.8 | EPSS 0.0075
Exploits: 0 | References: 2

UbuntuCve
added 2015/01/21 6:59 p.m. | 26 views

CVE-2015-1195

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...

CVSS 6.5 | AI score 6 | EPSS 0.01105
Exploits: 0 | References: 3