π¨ CVE-2026-4269
A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before version v0.1.13 who build or have built the Toolkit after September 24, 2025. Any users on a version >=v0.1.13, and any users on previous versions who built the toolkit before September 24, 2025 are not affected.
To remediate this issue, customers should upgrade to version v0.1.13.
π@cveNotify
A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before version v0.1.13 who build or have built the Toolkit after September 24, 2025. Any users on a version >=v0.1.13, and any users on previous versions who built the toolkit before September 24, 2025 are not affected.
To remediate this issue, customers should upgrade to version v0.1.13.
π@cveNotify
Amazon
CVE-2026-4269 - Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit
A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime.
π¨ CVE-2025-62320
HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpected requests from the userβs browser.
π@cveNotify
HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external resources included in that HTML, which can cause unexpected requests from the userβs browser.
π@cveNotify
Hcl-Software
Security Bulletin:HTML Injection Leading to Data Exfiltration to External Server(CVE-2025-62320) - Customer Support
HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform,
π¨ CVE-2026-34046
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` setting to decide whether to filter by `user_id`. When `AUTO_LOGIN` was `False` (i.e., authentication was enabled), neither branch enforced an ownership check β the query returned any flow matching the given UUID regardless of who owned it. This allowed any authenticated user to read any other user's flow, including embedded plaintext API keys; modify the logic of another user's AI agents, and/or delete flows belonging to other users. The vulnerability was introduced by the conditional logic that was meant to accommodate public/example flows (those with `user_id = NULL`) under auto-login mode, but inadvertently left the authenticated path without an ownership filter. The fix in version 1.5.1 removes the `AUTO_LOGIN` conditional entirely and unconditionally scopes the query to the requesting user.
π@cveNotify
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` setting to decide whether to filter by `user_id`. When `AUTO_LOGIN` was `False` (i.e., authentication was enabled), neither branch enforced an ownership check β the query returned any flow matching the given UUID regardless of who owned it. This allowed any authenticated user to read any other user's flow, including embedded plaintext API keys; modify the logic of another user's AI agents, and/or delete flows belonging to other users. The vulnerability was introduced by the conditional logic that was meant to accommodate public/example flows (those with `user_id = NULL`) under auto-login mode, but inadvertently left the authenticated path without an ownership filter. The fix in version 1.5.1 removes the `AUTO_LOGIN` conditional entirely and unconditionally scopes the query to the requesting user.
π@cveNotify
GitHub
refactor(auth): simplify flow retrieval by removing settings_service dependency by ogabrielluiz Β· Pull Request #8956 Β· langflowβ¦
Summary by CodeRabbit
Refactor
Simplified user authorization logic for accessing flows, now strictly allowing access only to flows owned by the specific user.
Removed previous flexibility related...
Refactor
Simplified user authorization logic for accessing flows, now strictly allowing access only to flows owned by the specific user.
Removed previous flexibility related...
π¨ CVE-2026-3323
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.
π@cveNotify
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.
π@cveNotify
Certvde
VEGA: Unsecured Configuration Interface Allows Unauthorized Access Leading to Privilege Escalation
π¨ CVE-2025-71256
In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π@cveNotify
In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π@cveNotify
π¨ CVE-2026-40562
Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence.
Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.
An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
π@cveNotify
Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence.
Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.
An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
π@cveNotify
IETF Datatracker
RFC 7230: Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document provides an overview of HTTP architecture and its associated terminology, defines the "http" andβ¦
π¨ CVE-2026-40948
The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's browser and cause the victim to be logged into the attacker's Airflow session (login-CSRF / session fixation), where any credentials the victim subsequently stored in Airflow Connections would be harvestable by the attacker. Users are advised to upgrade `apache-airflow-providers-keycloak` to 0.7.0 or later.
π@cveNotify
The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's browser and cause the victim to be logged into the attacker's Airflow session (login-CSRF / session fixation), where any credentials the victim subsequently stored in Airflow Connections would be harvestable by the attacker. Users are advised to upgrade `apache-airflow-providers-keycloak` to 0.7.0 or later.
π@cveNotify
GitHub
Adds a state param into keycloak login by aritra24 Β· Pull Request #64114 Β· apache/airflow
the state param allows validating the callback
is received for the right request
Was generative AI tooling used to co-author this PR?
Yes (please specify the tool below)
Read the Pull Re...
is received for the right request
Was generative AI tooling used to co-author this PR?
Yes (please specify the tool below)
Read the Pull Re...
π¨ CVE-2025-71251
In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π@cveNotify
In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π@cveNotify
π¨ CVE-2025-71252
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π@cveNotify
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π@cveNotify
π¨ CVE-2025-71253
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π@cveNotify
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π@cveNotify
π¨ CVE-2025-71254
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π@cveNotify
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π@cveNotify
π¨ CVE-2025-71255
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π@cveNotify
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π@cveNotify
π¨ CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
π@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88
π¨ CVE-2025-13480
Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings.
This vulnerability has been fixed in version 5.6.3
π@cveNotify
Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings.
This vulnerability has been fixed in version 5.6.3
π@cveNotify
cert.pl
Vulnerability in Fudo Enterprise software
Incorrect Authorization vulnerability (CVE-2025-13480) has been found in Fudo Enterprise software.
π¨ CVE-2026-3340
IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
π@cveNotify
IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
π@cveNotify
Ibm
Security Bulletin: Server-Side Request Forgery (SSRF) in Langflow URL Component
IBM Langflow Desktop contains a Server-Side Request Forgery (SSRF) vulnerability in the URL data source component where user-supplied URLs are insufficiently validated before being used in backend HTTP requests, allowing authenticated attackers to force theβ¦
π¨ CVE-2026-3346
IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
π@cveNotify
IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
π@cveNotify
Ibm
Security Bulletin: Stored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRaw
A stored cross-site scripting (XSS) vulnerability in Langflow allows attackers to inject and execute arbitrary HTML/JavaScript through the Playground event-streaming and Markdown rendering pipeline due to unsafe use of rehypeRaw without sanitization, potentiallyβ¦
π¨ CVE-2026-4502
IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.
π@cveNotify
IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.
π@cveNotify
Ibm
Security Bulletin: Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API
IBM Langflow Desktop contains a critical vulnerability in its v2 API file handling mechanism where the POST /api/v2/files/ endpoint improperly processes multipart upload filenames without sanitization, allowing path traversal and arbitrary file write outsideβ¦
π¨ CVE-2026-4503
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key.
π@cveNotify
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key.
π@cveNotify
Ibm
Security Bulletin: Unauthenticated Insecure Direct Object Reference (IDOR) Vulnerability in Langflow Desktop Image Download Endpoint
IBM Langflow Desktop contains a vulnerability in its image retrieval functionality where the GET /api/v1/files/images/{flow_id}/{file_name} endpoint fails to enforce authentication and ownership validation, allowing any unauthenticated user to access imageβ¦
π¨ CVE-2026-0708
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the `ucl_object_emit` function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system.
π@cveNotify
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the `ucl_object_emit` function when parsing and emitting the object, leading to a Denial of Service (DoS) for the affected system.
π@cveNotify
π¨ CVE-2026-0966
A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process.
π@cveNotify
A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process.
π@cveNotify
π¨ CVE-2026-42151
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the /-/config HTTP API endpoint. Because the field was a plain string, the Azure OAuth client secret was exposed in plaintext to any user or process with access to that endpoint. This issue has been patched in versions 3.5.3 and 3.11.3.
π@cveNotify
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the /-/config HTTP API endpoint. Because the field was a plain string, the Azure OAuth client secret was exposed in plaintext to any user or process with access to that endpoint. This issue has been patched in versions 3.5.3 and 3.11.3.
π@cveNotify
GitHub
remote/azuread: use Secret type for OAuth client_secret by roidelapluie Β· Pull Request #18587 Β· prometheus/prometheus
The ClientSecret field in OAuthConfig was typed as plain string, causing it to be exposed in plaintext via the /-/config HTTP endpoint. Change it to config_util.Secret so Prometheus redacts it as ....