60416 matches found
PYSEC-2026-79
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...
CVE-2026-33309
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...
PYSEC-2026-79
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...
CVE-2026-33309 Langflow has an Arbitrary File Write (RCE) via v2 API
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...
CVE-2026-33309 Langflow has an Arbitrary File Write (RCE) via v2 API
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...
CVE-2026-33309
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...
CVE-2026-33309
Summary (concrete details): CVE-2026-33309 affects Langflow 1.2.0–1.8.1 where a bypass of the CVE-2025-68478 patch enables an Arbitrary File Write via the v2 API endpoint /api/v2/files/. The root issue lies in the storage layer’s LocalStorageService, which lacks proper boundary containment checks...
CVE-2026-33309 Langflow has an Arbitrary File Write (RCE) via v2 API
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is...
Missing Cryptographic Key Commitment
github.com/aws/amazon-s3-encryption-client-go is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper validation of encrypted data keys when stored in instruction files instead of metadata, which allows an attacker with write access to the S3 bucket to introduc...
EUVD-2026-14780
Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11...
SUSE-SU-2026:0992-1 Security update for the Linux Kernel (Live Patch 44 for SUSE Linux Enterprise 15 SP4)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.176 fixes various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. - CVE-2023-53781: smc: Fix use-after-free in...
Missing Cryptographic Key Commitment
software.amazon.encryption.s3, amazon-s3-encryption-client-java is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper validation of encrypted data keys when stored in instruction files instead of metadata, which allows an attacker with write access to the S3...
CVE-2026-4756
Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11...
EUVD-2026-14758
Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-10...
EUVD-2026-14752
Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54...
CVE-2026-4756
Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11...
CVE-2026-4756 Out-of-bounds Write in MolotovCherry Android-ImageMagick7
Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11...
CVE-2026-4756 Out-of-bounds Write in MolotovCherry Android-ImageMagick7
Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11...
CVE-2026-4756
The CVE-2026-4756 entry concerns an Out-of-bounds Write in MolotovCherry Android-ImageMagick7 affecting Android-ImageMagick7 prior to version 7.1.2-11. The issue is described as a local, high-severity impact with confidentiality, integrity, and availability all rated High (CVSS v3.1: AV=L/AC=L/PR...