10 matches found
CVE-2026-3357 IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file
IBM Langflow Desktop 1.6.0 through 1.8.2 could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component...
cc.akkaha:asura-play_2.12 (>=0.5.0 <=0.6.0), cc.akkaha:pea_2.12 (>=0.1.0 <=0.7.0) +305 more potentially affected by CVE-2026-29000 via org.pac4j:pac4j-jwt (>=1.8.2 <=4.5.8)
org.pac4j:pac4j-jwt MAVEN version =1.8.2, =0.5.0, =0.1.0, =1.0, =1.0, =1.1, =1.1.0, =1.1.1, =1.1.1, =1.1.1, =1.0.0-beta-21, =1.0.0-beta-21, =1.0.0.RELEASE, =0.2.0, =0.2.0, =0.2.0, =0.9.0 and more Source cves: CVE-2026-29000 Source advisory: OSV:GHSA-PM7G-W2CF-Q238...
Linux Distros Unpatched Vulnerability : CVE-2024-7625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation...
CVE-2024-3078
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...
WordPress File Manager Pro plugin <= 1.8.2 - Authenticated Plugin Settings Update vulnerability
Authenticated Plugin Settings Update vulnerability discovered by bart in WordPress Plugin File Manager Pro versions <= 1.8.2...
cn.allbs:allbs-bom (>=1.0.7 <=2.0.0), cn.allbs:allbs-xxl-job (>=1.0.6 <=2.0.1) +124 more potentially affected by CVE-2022-43183 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.3.1)
com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.7, =1.0.6, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.4.0.RELEASE, =1.4.0.RELEASE, =1.4.0.RELEASE, =1.4.0.RELEASE, =1.4.2.RELEASE and more Source cves: CVE-2022-43183 Source advisory: OSV:GHSA-83W4-X5W9-HF4H...
cn.centychen:xxl-job-spring-boot-starter (>=1.0.0-RELEASE <=1.0.1-RELEASE), cn.db101:xxl-job-spring-boot-starter (=1.1.0) +52 more potentially affected by CVE-2022-40929 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.2.0)
com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.0.1, =2.1.1-RELEASE, =6.1.0, =0.0.4, =1.5.13, =1.0.7, =1.0.8 and more Source cves: CVE-2022-40929 Source advisory: OSV:GHSA-M54F-RP6R-RRRM...
icedtea-web path traversal vulnerability
icedtea-web is an open source implementation of JSR-56 Java Network Launching Protocol and API. A path traversal vulnerability in icedtea-web versions 1.7.2 and earlier and 1.8.2 and earlier, which stems from a failure of a network system or product to properly filter for special elements in the...
Apache Airflow Information Disclosure Vulnerability
Apache Airflow is an open source platform from the Apache Software Foundation (United States) for creating, managing and monitoring workflows. The platform is dynamic and scalable. A security vulnerability exists in Apache Airflow 1.8.2 and earlier versions. An attacker could exploi...
Exploit for OS Command Injection in Atom Electron
CVE-2018-1000006-DEMO A demo version of CVE-2018-1000006...