
25 matches found

CNNVD
added 2026/04/20 12:0 a.m. | 4 views

Langflow security vulnerability

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.3 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of the file...

CVSS 5.1 | AI score 5.6 | EPSS 0.00034
Exploits: 0 | References: 1
NVD
added 2026/04/15 11:16 a.m. | 1 view

CVE-2026-40728

Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Magazine Blocks: from n/a through = 1.8.3...

CVSS 4.3 | EPSS 0.00032
Exploits: 0 | References: 1
CNNVD
added 2026/04/15 12:0 a.m. | 4 views

XQUIC security vulnerability

XQUIC is an open-source cross-platform implementation code base for QUIC and HTTP/3 protocols developed by Alibaba. Versions of XQUIC 1.8.3 and earlier contain security vulnerabilities. These vulnerabilities stem from improper input validation and encryption signature verification, which may lead...

CVSS 8.3 | AI score 5.9 | EPSS 0.00046
Exploits: 0 | References: 1
SUSE CVE
added 2026/03/25 12:28 a.m. | 2 views

SUSE CVE-2026-24005

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since...

CVSS 7.6 | AI score 6 | EPSS 0.00053
Exploits: 1 | References: 3
EUVD
added 2026/03/23 8:31 p.m. | 3 views

EUVD-2026-14538

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. Moreover, this interface only requires authProcedure normal user, not superAdminAuthMiddleware. At time o...

CVSS 5.3 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 1
EUVD
added 2026/03/23 8:28 p.m. | 2 views

EUVD-2026-14535

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file server endpoint uses join to concatenate paths but does not verify if the final path is within the plugins directory, leading to path traversal. At time of publication, there are no publicly...

CVSS 6.9 | AI score 5.8 | EPSS 0.02152
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/23 12:0 a.m. | 3 views

PT-2026-27207

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. Moreover, this interface only requires authProcedure normal user, not superAdminAuthMiddleware. At time o...

CVSS 5.3 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/23 12:0 a.m. | 1 view

PT-2026-27206

Name of the Vulnerable Software and Affected Versions: Blinko versions prior to 1.8.3. Description: Blinko is an AI-powered card note-taking project. The plugin file server endpoint uses the join function to concatenate paths but does not verify if the final path is within the plugins directory,...

CVSS 6.9 | AI score 5.2 | EPSS 0.02152
Exploits: 0 | References: 5
Vulnrichment
added 2026/02/25 6:53 p.m. | 2 views

CVE-2026-24005 OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since...

AI score 6 | EPSS 0.00053
Exploits: 1 | References: 4
OSV
added 2026/02/25 6:53 p.m. | 2 views

CVE-2026-24005 OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field

Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The webhook validation does not restrict the Host field in these probe configurations. Since...

AI score 5.8 | EPSS 0.00053
Exploits: 1 | References: 6
Positive Technologies
added 2026/02/25 12:0 a.m. | 2 views

PT-2026-21979

Name of the Vulnerable Software and Affected Versions: Kruise versions prior to 1.8.3; Kruise versions prior to 1.7.5. Description: Kruise allows automated management of applications on Kubernetes. A flaw exists in the PodProbeMarker functionality where the webhook validation does not restrict the...

CVSS 9.9 | AI score 5.5 | EPSS 0.07313
Exploits: 68 | References: 138
OSV
added 2025/12/04 7:16 p.m. | 2 views

AZL-71473 CVE-2025-65637 affecting package umoci 0.4.7-13

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

CVSS 7.5 | AI score 7.3 | EPSS 0.00055
Exploits: 1 | References: 1
CVE
added 2025/12/04 12:0 a.m. | 27 views

CVE-2025-65637

CVE-2025-65637 affects github.com/sirupsen/logrus, where calling Entry.Writer() with a single-line payload larger than 64KB (no newline) can trigger the internal bufio.Scanner token-too-long condition, closing the writer pipe and causing DoS/availability impact. Affected versions:

CVSS 7.5 | AI score 6.3 | EPSS 0.00055
Exploits: 1 | References: 8 | Affected Software: 1
CNNVD
added 2025/12/04 12:0 a.m. | 2 views

Logrus security vulnerability

Logrus is a logging library for Go by the individual developer Simon Eskildsen. A security vulnerability exists in Logrus versions prior to 1.8.3, 1.9.0, and 1.9.2, which stems from a denial of service that can be caused by logging a single line with a payload greater than 64KB...

CVSS 7.5 | AI score 6.3 | EPSS 0.00055
Exploits: 1 | References: 10
Vulnrichment
added 2025/05/19 4:40 p.m. | 5 views

CVE-2025-39370 WordPress iCafe Library plugin <= 1.8.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cnilsson iCafe Library allows SQL Injection. This issue affects iCafe Library: from n/a through 1.8.3...

CVSS 7.6 | AI score 7.9 | EPSS 0.00262
Exploits: 0 | References: 1
CNNVD
added 2025/05/19 12:0 a.m. | 2 views

WordPress plugin iCafe Library SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 7.6 | AI score 8.3 | EPSS 0.00262
Exploits: 0 | References: 1
vulnersOsv
added 2024/09/09 3:30 p.m. | 3 views

10.30.npm-learning (>=1.0.0 <=1.1.0), 2017_node (=1.0.0) +3309 more potentially affected by CVE-2024-8373 via angular (>=0.0.1 <=1.8.3)

angular NPM version =0.0.1, =1.0.0, =4.13.7-rc4, =1.103.1, =1.103.1, =1.102.4, =1.102.3, =1.102.3, =1.4.156, =1.0.3, =1.0.0, =1.0.0, =0.5.0, =0.5.2 and more Source cves: CVE-2024-8373 Source advisory: OSV:GHSA-MQM9-C95H-X2P6...

CVSS 4.8 | AI score 6.4 | EPSS 0.00013
Exploits: 1
Patchstack
added 2024/07/10 5:28 p.m. | 2 views

WordPress iPanorama 360 plugin <= 1.8.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin iPanorama 360 WordPress Virtual Tour Builder versions <= 1.8.3...

CVSS 5.3 | AI score 7 | EPSS 0.00289
Exploits: 0 | Affected Software: 1
Patchstack
added 2024/05/29 3:23 a.m. | 3 views

WordPress Fetch JFT plugin <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Fetch JFT versions <= 1.8.3...

CVSS 4.4 | AI score 5.7 | EPSS 0.00288
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2024/04/16 12:0 a.m. | 2 views

OpenComputers security vulnerability

OpenComputers is a Minecraft module open-sourced by OpenComputers. A security vulnerability exists in OpenComputers 1.8.3 and earlier versions, which stems from a Denial of Service (DoS) vulnerability when using the function xpcall...

CVSS 7.7 | AI score 6.7 | EPSS 0.00151
Exploits: 0 | References: 3