Summary
Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read
References
Related vulnerabilities
- MEDIUM GHSA-HGW6-8C77-V4GQ
Armeria: External Control of File Name or Path in xDS SDS DataSource
- MEDIUM GHSA-M54H-VHF9-3W3M
BBOT: Arbitrary File Write in postman_download Module
- HIGH GHSA-P6GQ-J5CR-W38F
Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message
- HIGH GHSA-F44V-7QGW-9GH9
PraisonAI GitHub template cache path traversal allows outside-cache file write and directory deletion
- MEDIUM GHSA-Q59X-JC9F-GFQF
Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints
- MEDIUM GHSA-5739-39V2-5754
PHP JWT Library: RSA1_5 (RSAES-PKCS1-v1_5) decryption lacks implicit rejection, exposing a Bleichenbacher/Marvin padding oracle