CVE-2026-37457

An off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function bgpd/bgpflowspecutil.c of FRRouting FRR stable/10.0 allows attackers to cause a Denial of Service DoS via supplying a crafted FlowSpec component...

PT-2026-36354

Name of the Vulnerable Software and Affected Versions AcademySoftwareFoundation OpenImageIO versions prior to 3.2.0.1-dev Description An out-of-bounds write issue exists within the DDS Image Handler component, specifically affecting the src/dds.imageio/ddsinput.cpp file. This flaw requires local...

PT-2026-36332

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the f2fs compress write end io function. The dec page countsbi, type function can reduce the F2FS WB CP DATA counter to zero, which may unblock f2fs wait...

Open SAE J1939 数字错误漏洞

Open SAE J1939 is a CAN bus communication protocol library for industrial vehicles from the individual developer Daniel Mårtensson. Open SAE J1939 suffers from a numeric error vulnerability that stems from an integer underflow in the SAEJ1939ReadTransportProtocolDataTransfer function, which allow...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from insufficient control of request size verification in fuac1legacy. This vulnerability may lead to...

CVE-2026-40685

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping...

CVE-2026-4502

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

CVE-2026-3345

IBM Langflow Desktop API v2 File Upload Endpoint (POST /api/v2/files) is vulnerable to a path traversal due to improper validation/sanitation of user-supplied filenames passed to LocalStorageService, allowing authenticated attackers to write files outside the intended upload directory and potenti...

CVE-2026-3345 Path Traversal and Arbitrary File Write Vulnerability in IBM Langflow Desktop API v2 File Upload Endpoint

IBM Langflow Desktop =1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVE-2026-3345 Path Traversal and Arbitrary File Write Vulnerability in IBM Langflow Desktop API v2 File Upload Endpoint

IBM Langflow Desktop =1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVE-2026-4502

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

CVE-2026-4502 Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

CVE-2026-4502 Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

EUVD-2026-26434

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

Exploit for CVE-2026-31431

CVE-2026-31431 Copy Fail – a 4‑byte page‑cache write prim...

CVE-2026-33451 Arbitrary read/write vulnerability in Windows clients prior to 14.50

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system...

CVE-2026-33451

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system...

CVE-2026-33451

CVE-2026-33451 : An arbitrary read/write vulnerability exists in the Secure Access Windows client prior to version 14.50. With local control of the Windows client, an attacker can send malformed data to a documented API and elevate privileges to SYSTEM. The connected documents confirm the affecte...

CVE-2026-33451 Arbitrary read/write vulnerability in Windows clients prior to 14.50

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system...

EUVD-2026-26423

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system...