Summary
Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
References
Related vulnerabilities
- HIGH GHSA-JXCW-QP4H-6JFQ
PraisonAI A2U incomplete authentication fix leaves current serve command unauthenticated by default
- CRITICAL GHSA-892R-P3JQ-JP24
PraisonAI: AgentOS remains unauthenticated after incomplete fix version and allows remote agent invocation
- HIGH GHSA-3PRJ-6HQW-CM82
PHP JWT Library: PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service
- HIGH GHSA-FQ4X-789W-JG5H
AgenticMail: Unauthenticated inbound mail triggers bypassPermissions resume of the operator's Claude Code session (bridge-wake)
- MEDIUM GHSA-JM82-FX9C-MX94
pypdf: Missing stream length values ignore defined limits
- HIGH GHSA-38RV-X7PX-6HHQ
undici WebSocket client vulnerable to denial of service via cumulative fragment bypass