60416 matches found

PyPA
added 2026/03/24 1:16 p.m., 14 views

PYSEC-2026-79

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

CVSS 9.9, AI score 5.9, EPSS 0.03631
Exploits 2, References 1, Affected Software 1

NVD
added 2026/03/24 1:16 p.m., 4 views

CVE-2026-33309

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

CVSS 9.9, EPSS 0.01417
Exploits 1, References 1

OSV
added 2026/03/24 1:16 p.m., 6 views

PYSEC-2026-79

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

CVSS 9.9, AI score 5.9, EPSS 0.01417
Exploits 1, References 1

Cvelist
added 2026/03/24 12:49 p.m., 26 views

CVE-2026-33309 Langflow has an Arbitrary File Write (RCE) via v2 API

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

CVSS 9.9, EPSS 0.01417
Exploits 1, References 1

Vulnrichment
added 2026/03/24 12:49 p.m., 4 views

CVE-2026-33309 Langflow has an Arbitrary File Write (RCE) via v2 API

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

CVSS 9.9, AI score 6, EPSS 0.01417
Exploits 1, References 1

ATTACKERKB
added 2026/03/24 12:49 p.m., 5 views

CVE-2026-33309

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

CVSS 9.9, AI score 6, EPSS 0.03631
Exploits 2, References 2, Affected Software 1

CVE
added 2026/03/24 12:49 p.m., 18 views

CVE-2026-33309

Summary (concrete details): CVE-2026-33309 affects Langflow 1.2.0–1.8.1 where a bypass of the CVE-2025-68478 patch enables an Arbitrary File Write via the v2 API endpoint /api/v2/files/. The root issue lies in the storage layer’s LocalStorageService, which lacks proper boundary containment checks...

CVSS 9.9, AI score 6, EPSS 0.01417
Exploits 1, References 1, Affected Software 1

OSV
added 2026/03/24 12:49 p.m., 11 views

CVE-2026-33309 Langflow has an Arbitrary File Write (RCE) via v2 API

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

CVSS 9.9, AI score 6, EPSS 0.01417
Exploits 1, References 3

The Hacker News
added 2026/03/24 12:0 p.m., 4 views

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is...

AI score 6.3
Exploits 0

Veracode
added 2026/03/24 10:58 a.m., 8 views

Missing Cryptographic Key Commitment

github.com/aws/amazon-s3-encryption-client-go is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper validation of encrypted data keys when stored in instruction files instead of metadata, which allows an attacker with write access to the S3 bucket to introduc...

CVSS 6, AI score 7.3, EPSS 0.00094
Exploits 0, References 6, Affected Software 1

EUVD
added 2026/03/24 9:30 a.m., 6 views

EUVD-2026-14780

Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11...

CVSS 7.8, AI score 5.8, EPSS 0.00113
Exploits 0, References 2

OSV
added 2026/03/24 9:11 a.m., 3 views

SUSE-SU-2026:0992-1 Security update for the Linux Kernel (Live Patch 44 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.176 fixes various security issues. The following security issues were fixed:
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595.
- CVE-2023-53781: smc: Fix use-after-free in...

CVSS 7.8, AI score 6.8, EPSS 0.00278
Exploits 0, References 21

Veracode
added 2026/03/24 8:47 a.m., 12 views

Missing Cryptographic Key Commitment

software.amazon.encryption.s3, amazon-s3-encryption-client-java is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper validation of encrypted data keys when stored in instruction files instead of metadata, which allows an attacker with write access to the S3...

CVSS 6, AI score 5.8, EPSS 0.00103
Exploits 0, References 5, Affected Software 1

NVD
added 2026/03/24 7:16 a.m., 5 views

CVE-2026-4756

Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11...

CVSS 7.8, EPSS 0.00113
Exploits 0, References 1

EUVD
added 2026/03/24 6:31 a.m., 4 views

EUVD-2026-14758

Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-10...

CVSS 8.8, AI score 5.8, EPSS 0.00241
Exploits 0, References 2

EUVD
added 2026/03/24 6:31 a.m., 7 views

EUVD-2026-14752

Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2. This issue affects DualSenseY-v2: before 54...

CVSS 7.8, AI score 5.8, EPSS 0.00116
Exploits 0, References 2

ATTACKERKB
added 2026/03/24 6:5 a.m., 1 view

CVE-2026-4756

Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11...

CVSS 7.8, AI score 5.8, EPSS 0.00113
Exploits 0, References 2

Cvelist
added 2026/03/24 6:5 a.m., 22 views

CVE-2026-4756 Out-of-bounds Write in MolotovCherry Android-ImageMagick7

Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11...

CVSS 7.8, EPSS 0.00113
Exploits 0, References 1

Vulnrichment
added 2026/03/24 6:5 a.m., 5 views

CVE-2026-4756 Out-of-bounds Write in MolotovCherry Android-ImageMagick7

Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11...

CVSS 7.8, AI score 5.8, EPSS 0.00113
Exploits 0, References 1

CVE
added 2026/03/24 6:5 a.m., 13 views

CVE-2026-4756

The CVE-2026-4756 entry concerns an Out-of-bounds Write in MolotovCherry Android-ImageMagick7 affecting Android-ImageMagick7 prior to version 7.1.2-11. The issue is described as a local, high-severity impact with confidentiality, integrity, and availability all rated High (CVSS v3.1: AV=L/AC=L/PR...

CVSS 7.8, AI score 5.8, EPSS 0.00113
Exploits 0, References 1, Affected Software 1