Summary
Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit
References
Related vulnerabilities
- MEDIUM GHSA-H4H3-3RFJ-X6FQ
  SurrealDB: Indexed ORDER BY leaks the value ordering of a SELECT-restricted field
- MEDIUM GHSA-WVRH-2F4M-924V
  ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer
- LOW GHSA-97PR-9HGG-3P8R
  parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change
- MEDIUM GHSA-PR33-38XX-6R26
  http4k: `BasicCookieStorage` (renamed `InsecureCookieStorage`) did not enforce RFC 6265 cookie scoping; new `DefaultCookieStorage` is now the default
- MEDIUM GHSA-JR33-MW75-7J8F
  dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens
- MEDIUM GHSA-FCW4-WWQM-M8CF
  Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName