EUVD-2026-35991

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

EUVD-2026-33940

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...

CVE-2026-28116 WordPress Progress Planner plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...

EUVD-2026-33929

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...

CVE-2026-28116 WordPress Progress Planner plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...

CVE-2026-7528 Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption...

PT-2026-43985

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.0 Description Uncontrolled resource consumption may lead to a denial of service, a condition where a system becomes unavailable to its intended users. Recommendations At the moment, there is no...

Astra Linux - уязвимость в python-py

A denial of service attack via regular expressions in the py.path.svnwc component of py also known as python-py in versions up to 1.9.0 could be exploited by attackers to trigger a compute-time denial of service attack by providing malicious input to the blame functionality...

CVE-2026-44304

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

CVE-2026-44304

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

CVE-2026-44305

Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...

CVE-2026-44304 Lemur: LDAP Filter Injection enables post-authentication privilege escalation

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

CVE-2026-44304 Lemur: LDAP Filter Injection enables post-authentication privilege escalation

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

CVE-2026-44304

Summary: Lemur’s LDAP authentication module (lemur/auth/ldap.py) constructs LDAP filters using unsanitized username input, enabling a post-authentication LDAP filter injection that can modify group membership queries and escalate privileges to administrator. This affects Lemur prior to version 1....

CVE-2026-42048

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths withou...

CVE-2026-42048 Langflow: Path Traversal in Langflow Knowledge Bases API

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths withou...

CVE-2026-42048

Langflow prior to 1.9.0 is vulnerable to path traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases) due to user-supplied kb_names being concatenated into file paths. The issue stems from building paths manually and passing them to deletion without proper normalization, enabling an...

CVE-2026-40584 RansomLook - Improper Filtering of Private Location Entries in API Endpoints Leads to Information Exposure

RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries...

CVE-2026-40584

CVE-2026-40584 affects RansomLook. The vulnerability arises in the API at website/web/api/genericapi.py prior to version 1.9.0, where entries marked private are not properly filtered due to removing elements from a list while iterating. This can cause private location entries to be unintentionall...

EUVD-2026-24180

RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries...