261 matches found
CVE-2026-55450
Langflow prior to 1.9.1 allows unauthenticated uploads via the /upload/{flow_id} endpoint, enabling unlimited data transfer, which can cause server disk-space exhaustion (DoS). The response also leaks the absolute path of the uploaded file, an information leak that could aid further attacks. The ...
Important: Red Hat Security Advisory: OpenShift Compliance Operator bug fix and enhancement update
An updated OpenShift Compliance Operator image that fixes various bugs and adds new enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog. The OpenShift Compliance Operator v1.9.1 is now available. See the documentation for bug fix information:...
PT-2026-48674
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...
CVE-2026-24554
Cross-Site Request Forgery CSRF vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...
PT-2026-46040
Name of the Vulnerable Software and Affected Versions crypton-x509-validation versions prior to 1.9.1 crypton-x509 versions prior to 1.9.1 x509 affected versions not specified x509-validation affected versions not specified Description The crypton-x509-validation and crypton-x509 libraries fail t...
CVE-2026-7524 Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution
IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction...
CVE-2026-24554
Cross-Site Request Forgery CSRF vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...
CVE-2026-24554
Affected software: WordPress WPSubscription plugin (versions up to 1.9.1). Issue: Cross-Site Request Forgery (CSRF) vulnerability as described in CVE-2026-24554. CVSS v3.1 base score: 4.3 (Medium); attack vector NETWORK, attack complexity Low, privileges required None, user interaction Required, ...
CVE-2026-24554 WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...
CVE-2026-24554 WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...
PT-2026-43138
Name of the Vulnerable Software and Affected Versions WPSubscription versions prior to 1.9.2 Description A Cross-Site Request Forgery CSRF flaw exists in the Convers Lab WPSubscription plugin. This issue allows an attacker to induce a victim to perform unintended actions on the web application by...
UBUNTU-CVE-2026-43826
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-43826
The CVE-2026-43826 affects the OpenSearch logging provider used with Apache Airflow providers-opensearch. When the host URL includes embedded credentials (for example https://user:password@server:9200), the provider writes the full host URL, including credentials, to task logs. This allows any us...
PT-2026-39579
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
Fedora 44 : containernetworking-plugins (2026-d6b4b4df31)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d6b4b4df31 advisory. - Update to release v1.9.1 - Resolves: rhbz2448053, rhbz2423997, rhbz2424031 - Upstream fixes Tenable has extracted the preceding description block...
Fedora 42 : containernetworking-plugins (2026-7ed700921c)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7ed700921c advisory. Update to release v1.9.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
EUVD-2026-11802
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through = 1.9.1...
CVE-2026-32329
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through = 1.9.1...
PT-2026-25177
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through = 1.9.1...
CVE-2025-60087
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...