Lucene search
K

261 matches found

CVE
CVE
added 2026/06/23 4:17 p.m.35 views

CVE-2026-55450

Langflow prior to 1.9.1 allows unauthenticated uploads via the /upload/{flow_id} endpoint, enabling unlimited data transfer, which can cause server disk-space exhaustion (DoS). The response also leaks the absolute path of the uploaded file, an information leak that could aid further attacks. The ...

9.3CVSS5.9AI score0.0031EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/17 1:17 p.m.9 views

Important: Red Hat Security Advisory: OpenShift Compliance Operator bug fix and enhancement update

An updated OpenShift Compliance Operator image that fixes various bugs and adds new enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog. The OpenShift Compliance Operator v1.9.1 is now available. See the documentation for bug fix information:...

8.8CVSS7.9AI score0.00621EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.15 views

PT-2026-48674

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

7.5CVSS5.4AI score0.00248EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.12 views

CVE-2026-24554

Cross-Site Request Forgery CSRF vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...

4.3CVSS5.4AI score0.00122EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-46040

Name of the Vulnerable Software and Affected Versions crypton-x509-validation versions prior to 1.9.1 crypton-x509 versions prior to 1.9.1 x509 affected versions not specified x509-validation affected versions not specified Description The crypton-x509-validation and crypton-x509 libraries fail t...

9.1CVSS5.6AI score0.00223EPSS
Exploits0References30
Cvelist
Cvelist
added 2026/05/27 1:14 p.m.50 views

CVE-2026-7524 Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction...

9.8CVSS0.00624EPSS
Exploits0References1
NVD
NVD
added 2026/05/25 10:16 p.m.8 views

CVE-2026-24554

Cross-Site Request Forgery CSRF vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...

4.3CVSS0.00122EPSS
Exploits0References1
CVE
CVE
added 2026/05/25 9:41 p.m.23 views

CVE-2026-24554

Affected software: WordPress WPSubscription plugin (versions up to 1.9.1). Issue: Cross-Site Request Forgery (CSRF) vulnerability as described in CVE-2026-24554. CVSS v3.1 base score: 4.3 (Medium); attack vector NETWORK, attack complexity Low, privileges required None, user interaction Required, ...

4.3CVSS5.8AI score0.00122EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/25 9:41 p.m.8 views

CVE-2026-24554 WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...

4.3CVSS5.8AI score0.00122EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/25 9:41 p.m.20 views

CVE-2026-24554 WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...

4.3CVSS0.00122EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.16 views

PT-2026-43138

Name of the Vulnerable Software and Affected Versions WPSubscription versions prior to 1.9.2 Description A Cross-Site Request Forgery CSRF flaw exists in the Convers Lab WPSubscription plugin. This issue allows an attacker to induce a victim to perform unintended actions on the web application by...

4.3CVSS5.8AI score0.00122EPSS
Exploits0References3
OSV
OSV
added 2026/05/11 9:16 a.m.7 views

UBUNTU-CVE-2026-43826

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References5
CVE
CVE
added 2026/05/11 8:21 a.m.22 views

CVE-2026-43826

The CVE-2026-43826 affects the OpenSearch logging provider used with Apache Airflow providers-opensearch. When the host URL includes embedded credentials (for example https://user:password@server:9200), the provider writes the full host URL, including credentials, to task logs. This allows any us...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39579

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

5.8AI score0.0041EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.3 views

Fedora 44 : containernetworking-plugins (2026-d6b4b4df31)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d6b4b4df31 advisory. - Update to release v1.9.1 - Resolves: rhbz2448053, rhbz2423997, rhbz2424031 - Upstream fixes Tenable has extracted the preceding description block...

7.5CVSS7.4AI score0.00523EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.3 views

Fedora 42 : containernetworking-plugins (2026-7ed700921c)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7ed700921c advisory. Update to release v1.9.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

7.5CVSS5.9AI score0.00523EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/13 9:31 p.m.4 views

EUVD-2026-11802

Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through = 1.9.1...

5.3CVSS5.8AI score0.00224EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:54 p.m.3 views

CVE-2026-32329

Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through = 1.9.1...

5.3CVSS0.00224EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.4 views

PT-2026-25177

Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through = 1.9.1...

5.3CVSS5.8AI score0.00224EPSS
Exploits0References3
NVD
NVD
added 2026/02/20 4:22 p.m.6 views

CVE-2025-60087

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...

8.1CVSS0.00578EPSS
Exploits0References1
Rows per page
Query Builder