1276 matches found
CVE-2025-14386
The CVE-2025-14386 entry concerns the WordPress plugin “Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization” (versions 2.4.4–2.5.12). Connected sources confirm a missing capability check in generate_sso_url and validate_sso_token, enabling authentication...
CVE-2025-14386 Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization 2.4.4 - 2.5.12 - Missing Authorization to Authenticated (Subscriber+) Authentication Bypass via Account Takeover
The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generatessourl' and 'validatessotoken' functions in versions 2.4.4 to 2.5.12. This makes it...
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak...
kernel: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate command header size against SVGACMDMAXDATASIZE This data originates from userspace and is used in buffer offset calculations which could potentially overflow causing an out-of-bounds access...
EUVD-2026-4687
A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...
CVE-2026-1413 Sangfor Operation and Maintenance Security Management System HTTP POST Request port_validate portValidate command injection
A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ipandport/portvalidate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command...
CVE-2026-0770
Langflow execglobals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific...
kernel security update
An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...
Langflow affected by Remote Code Execution via validate_code() exec()
Langflow execglobals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific...
Arbitrary Code Injection
Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the code parameter in the validate endpoint. An attacker can execute arbitrary code with root...
Arbitrary Code Injection
Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Arbitrary Code Injection via the code parameter in the validate endpoint. An attacker can execute arbitrary code with root privileges by sending a specially crafted request...
Unsafe Dependency Resolution
Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the execglobals parameter in the validate endpoint. An attacker can execute arbitrary code by supplying crafted input to this parameter...
Unsafe Dependency Resolution
Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the execglobals parameter in the validate endpoint. An attacker can execute arbitrary cod...
CVE-2026-0770
Langflow execglobals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific...
CVE-2026-0770
Langflow execglobals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific...
CVE-2026-0768
Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...
CVE-2026-0768
Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...
CVE-2026-0770 Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
Langflow execglobals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific...
CVE-2026-0770 Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
Langflow execglobals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific...
CVE-2026-0770
Langflow is affected by a Remote Code Execution vulnerability (CVE-2026-0770) due to inclusion of functionality from an untrusted control sphere in the exec_globals handling of the validate endpoint. The Nuclei and PoC material indicate the flaw exists in Langflow’s validate_code path (e.g., /api...