368629 matches found
CVE-2026-59094
Affected software: Pathway, affected up to v0.31.1. Vulnerability: document store applies a caller-supplied glob pattern to indexed document paths via a hand-written recursive matcher that branches on each ** token without memoization, yielding exponential worst-case complexity. The pattern from ...
CVE-2026-59093
Weaviate prior to 1.38.0 fails to verify that a principal granting RBAC roles actually has permissions within those roles. The assignRoleToUser and assignRoleToGroup endpoints (POST /authz/users/{id}/assign, /authz/groups/{id}/assign) only check that the caller may assign roles, not the permissio...
CVE-2026-59092
JuiceFS
CVE-2026-58580
LobeChat up to version 2.2.9 is affected by broken object-level authorization in MessageModel. An authenticated user who knows another user’s non-enumerable message identifier can overwrite that victim’s plugin tool‑call metadata, plugin state/error, and TTS/translation records via tRPC message p...
CVE-2026-52732
Technical details for CVE-2026-52732 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-58579
RAGFlow before 0.26.3 stores an agent pipeline (DSL) node name without sanitization. The update endpoint normalizes DSL via JSON serialization but preserves the node name, and the dataflow-result UI renders it with dangerouslySetInnerHTML while i18next escapeValue is false, allowing an authentica...
CVE-2026-58578
CVE-2026-58578 affects LobeChat prior to version 2.2.10-canary.15. A crafted basePath containing unescaped regex metacharacters in a GitHub repository URL path during skill import is used to inject a catastrophic-backtracking pattern into a dynamically constructed regex in the findSkillMd functio...
CVE-2025-71385
Netdata before 2.3.1 is vulnerable to reflected XSS via the love query parameter on /api/v2/ilove.svg and /api/v3/ilove.svg, where the parameter is inserted into the SVG text without escaping. The attack surface includes endpoints with HTTP_ACL_NOCHECK and anonymous access, and bearer-token prote...
CVE-2026-7872
Summary of CVE-2026-7872 (Langflow OSS) : IBM’s security bulletin details a path traversal vulnerability in the File component’s tar extraction, allowing an authenticated attacker to upload crafted tar archives containing symbolic links to read arbitrary files (including the server’s JWT signing ...
CVE-2026-8056
Summary: The CVE relates to Langflow OSS (Langflow OSS 1.0.0–1.10.0) where authenticated users can override component parameters at runtime via the API due to a flaw in the apply_tweaks() parameter filtering. This code injection vulnerability (CWE-94) can let an attacker supply malicious tweak pa...
CVE-2026-7755
Langflow OSS (Langflow OSS 1.0.0–1.10.0) contains a validated bypass in the File Manager API that allows uploading MCP server configuration files without triggering MCPServerConfig validation. An authenticated attacker could craft a configuration that, when used during server enumeration and conn...
CVE-2026-7667
The CVE-2026-7667 entry is supported by IBM's security bulletin for Langflow OSS, which describes a path traversal vulnerability in the API Request component’s response handling. An authenticated attacker can induce a victim using save_to_file=True to fetch a crafted Content-Disposition header fr...
CVE-2026-7754
CVE-2026-7754 affects Langflow OSS 1.0.0–1.10.0. SSRF protection could be disabled via default settings (ssrf_protection_enabled) allowing server-side requests to arbitrary URLs, including cloud metadata endpoints. The issue is fixed in Langflow OSS by upgrading to version 1.10.1; current default...
CVE-2026-9202
Langflow OSS is affected: unauthenticated attackers can create unlimited user accounts on vulnerable instances. If NEW_USER_IS_ACTIVE is enabled, new accounts become active immediately and can access RCE endpoints, potentially achieving remote code execution with server privileges. Affected versi...
CVE-2026-12946
CVE-2026-12946 is associated with IBM’s security bulletin describing a remote code execution vulnerability in the CUGA component CodeAgent used by Langflow OSS. An authenticated user could run arbitrary commands on the server when a flow using CodeAgent is created and executed, via the Python cod...
CVE-2026-9198
CVE-2026-9198: IBM security bulletin describes Langflow OSS 1.0.0–1.10.0 as vulnerable to unauthenticated remote code execution by chaining /api/v1/auto_login (mints superuser tokens) with /api/v1/validate/code (executes code). Root cause CWE-94: improper code generation/validation. Impact: full ...
CVE-2026-9103
Langflow OSS versions 1.0.0–1.10.0 are affected by CVE-2026-9103 due to an unauthenticated /api/v1/login/auto_login endpoint that issues long‑lived 365‑day superuser tokens when AUTO_LOGIN is enabled (default). This also combines with permissive CORS, risking token exposure. Upgrading to Langflow...
CVE-2026-52731
Technical details for CVE-2026-52731 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-8635
CVE-2026-8635 is linked to IBM’s Security Bulletin about a vulnerability in the Python Interpreter component of Langflow OSS. The issue allows authenticated users to execute arbitrary code and escalate to superuser level by manipulating the database and bypassing sandboxing/validation, potentiall...
CVE-2026-8859
CVE-2026-8859 relates to a path traversal vulnerability in Langflow OSS (versions 1.0.0–1.10.0) within the APIRequest component’s “Save to File” feature. Filenames parsed from server-controlled Content-Disposition headers were not sanitized before joining with a temporary directory path, allowing...