Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.8 HIGH
CVE-2026-7667 — Path Traversal Vulnerability in API Request Component Content-Disposition Header Processi…

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header (e…

langflow_oss | Remote | Path Traversal
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
0.0 NA
CVE-2026-49834 — sigstore-go: Multi-log threshold bypass via single compromised log

sigstore-go is a Go library for Sigstore signing and verification. Prior to 1.2.0, a verifier configured with WithTransparencyLog(N>1) or WithSignedCertificateTimestamps(N>1) counts verified witnesse…

sigstore-go | Misconfiguration
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
7.7 HIGH
CVE-2026-7754 — SSRF Protection Configuration Vulnerability

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could allow server-side request forgery (SSRF) due to insecure default configuration and incomplete enforcement of the SSRF protection mechanism.

langflow_oss | Remote | Server-Side Request Forgery
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
8.8 HIGH
CVE-2026-7755 — MCP Server Configuration Validator Bypass via File Upload API

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files.

langflow_oss | Remote | Misconfiguration
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
0.0 NA
CVE-2026-49284 — SimpleSAMLphp SP accepts a response from an unexpected IdP when unsigned `Response/InResp…

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. Prior to 2.4.7 and 2.5.2, SimpleSAMLphp's SAML SP ACS path does not enforce the IdP selected for an SP-initiated …

| Information Disclosure
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
7.5 HIGH
CVE-2026-9171 — Vulnerabilities in IBM WebSphere Application affects IBM PowerVM Novalink.

IBM PowerVM Novalink are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory res…

Remote | Denial of Service
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
9.9 CRITICAL
CVE-2026-9135 — Policies Component Dynamic CodeInput Fields Bypass Custom Component Validation

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 (commit 94981c443d4918517b9e8163d70fc598dc33a32d) contain a code injection vulnerability in the Policies component's ToolGuard inte…

langflow_oss | Remote | Injection
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
9.8 CRITICAL
CVE-2026-9103 — Unauthenticated Superuser Token Issuance via Auto-Login Endpoint

IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/auto_login endpoint. The endpoint issues long-lived…

langflow_oss | Remote | Authentication
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
8.8 HIGH
CVE-2026-58195 — Agentic-Flow: OS Command Injection in agentic-flow MCP server tools via unsanitized tool-…

Agentic-Flow is an AI agent orchestration platform. Prior to 2.0.14, agentic-flow MCP server tools in src/mcp/standalone-stdio.ts, src/mcp/fastmcp/servers/claude-flow-sdk.ts, src/mcp/fastmcp/servers/…

Remote | Injection
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
8.2 HIGH
CVE-2026-53712 — SCRAM: Silent channel-binding authentication downgrade via unsupported certificate algori…

SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to 3.3, a flaw in com.on…

Remote | Authentication
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
7.5 HIGH
CVE-2026-52746 — JSONata: Malicious inputs to "$toMillis" function can cause resource exhaustion

JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leadi…

jsonata | Remote | Denial of Service
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
2.0 LOW
CVE-2026-50185 — RustCrypto Cmov/CmovEq on aarch64 can produce wrong results if high-bits of registers are…

RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. From 0.1.1 until 0.5.4, …

| Memory Corruption
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
5.9 MEDIUM
CVE-2026-49835 — Sigstore Timestamp Authority: OOM due to unbounded metric label cardinality

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.1.0, the global wrapMetrics middleware records raw HTTP request path r.URL.Path and raw HTTP request method r.Met…

Remote | Information Disclosure
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
5.3 MEDIUM
CVE-2026-48487 — Zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruptio…

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, _read_character_string and _read_string in src/zeroconf/_protocol/incoming.py advanced self.offset by a…

| Information Disclosure
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
6.5 MEDIUM
CVE-2026-48045 — Zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-sour…

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.12, AsyncListener.handle_query_or_defer retained every truncated TC-bit incoming query, each up to _MAX_MSG…

| Denial of Service
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
6.5 MEDIUM
CVE-2026-47184 — Zeroconf: Unbounded DNS record cache allows LAN-local memory exhaustion via multicast flo…

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache._async_add inserted every response record into cache, _expirations, _expire_heap, and service_c…

| Denial of Service
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
6.5 MEDIUM
CVE-2026-47183 — Zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame loca…

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming._log_exception_debug and the four QuietLogger exception-dedup methods stored an unbounded _s…

| Memory Corruption
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
6.5 MEDIUM
CVE-2026-47180 — Zeroconf: Unbounded recursion in DNS compression-pointer decoder allows LAN-local denial …

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming._decode_labels_at_offset recurses once per DNS-name compression pointer, and a single mDNS p…

| Denial of Service
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
6.4 MEDIUM
CVE-2026-45703 — Pimcore: WordExport Authorization Bypass for Unauthorized Document Export

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.7, the WordExport export flow in bundles/WordExportBundle/src/Controller/TranslationController.php onl…

Remote | Authorization
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
8.2 HIGH
CVE-2026-45309 — AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys …

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.0, AsyncSSH expands the OpenSS…

Remote | Path Traversal
Jul 17, 2026 Jul 17, 2026
Jul 17, 2026
Jul 17, 2026
Showing 20 of 7825 Results