Critical Auth Bypass Found in IBM Langflow OSS
A critical authentication flaw in IBM Langflow OSS allows unauthenticated remote attackers to execute arbitrary flows, potentially leading to RCE.
30 results for “critical”
A critical authentication flaw in IBM Langflow OSS allows unauthenticated remote attackers to execute arbitrary flows, potentially leading to RCE.
A critical authentication bypass in IBM Langflow OSS allows unauthenticated remote attackers to execute arbitrary flows and potentially achieve RCE.
A critical authentication bypass vulnerability in VMware Avi Load Balancer allows unauthorized network access to the control plane, requiring immediate action.
A critical vulnerability in the Urwid web display backend allows attackers to predict session IDs and gain unauthorized access to terminal sessions.
A critical authentication bypass in VMware Avi Load Balancer allows unauthorized access to the control plane, necessitating immediate patching.
A critical vulnerability in SurrealDB allows attackers with scripting privileges to execute arbitrary code or read memory, necessitating an immediate update.
A critical format string vulnerability in SurrealDB allows attackers with scripting privileges to execute arbitrary code or read sensitive memory.
A critical injection vulnerability in SurrealDB allows authenticated users to achieve privilege escalation and full system takeover via malicious database exports.
A critical vulnerability in the Urwid web display backend allows attackers to predict session IDs or access FIFO files, leading to full remote code execution.
A critical authentication bypass vulnerability in VMware Avi Load Balancer allows unauthorized access to the control plane, necessitating immediate patching.
A critical authentication bypass in IBM Langflow OSS versions 1.0.0 through 1.10.0 enables remote attackers to execute flows without valid credentials.
A critical vulnerability in IBM Langflow OSS allows for arbitrary file writes, posing a severe risk to systems utilizing the APIRequest component.
A critical authentication bypass in VMware Avi Load Balancer allows unauthorized access to the control plane, necessitating immediate patching.
A critical authentication bypass in Android allows unauthorized users to send messages via Gemini without requiring a device PIN.
A critical improper input validation flaw in Zoom for Windows enables unauthenticated remote account takeover via network access.
A critical business logic vulnerability in HCL Aftermarket EPC allows unauthorized users to intercept and redirect password recovery emails.
A critical vulnerability in YAML::Syck allows attackers to trigger out-of-bounds memory reads via specially crafted !!binary YAML nodes.
A critical authentication flaw in the AI Copilot WordPress plugin exposes sites to full administrative takeover by unauthenticated attackers.
New research confirms that public sector organizations now face a daily ransomware attack, highlighting a critical infrastructure crisis.
A critical vulnerability in Bricksforge allows unauthenticated attackers to create administrator accounts via public registration forms.
A critical flaw in Grav CMS before version 2.0.4 allows attackers to bypass two-factor authentication, potentially leading to unauthorized account access.
A critical deserialization vulnerability in Microsoft SharePoint is currently under active exploitation, requiring urgent remediation by federal agencies.
A hard-coded JWT secret in clawvet API versions before 0.7.5 allows unauthenticated remote attackers to forge session cookies and steal sensitive user data.
A critical vulnerability in the Clawvet self-hosted API server allows unauthenticated attackers to forge session cookies and hijack user accounts.
CISA has added a critical OS command injection vulnerability in Fortinet FortiSandbox to its KEV catalog following reports of active, real-world exploitation.
A missing capability check in Aimogen Pro versions 2.8.4 and earlier allows unauthenticated attackers to execute arbitrary PHP and gain administrative access.
A critical vulnerability in the Bricksforge WordPress plugin allows unauthenticated attackers to create unauthorized administrator accounts.
A critical flaw in Grav versions before 2.0.4 permits attackers to bypass two-factor authentication by overwriting existing security secrets.
A critical vulnerability in clawvet API versions before 0.7.5 allows unauthenticated attackers to forge session cookies and access sensitive user information.
A critical vulnerability in the illumos SCTP inbound path allows unauthenticated remote attackers to trigger kernel heap corruption and potential code execution.