Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.2 CVE-2026-10560

Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS_CVE-2026-10560

IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_tmp/ endpoints that allows an unauthen...

IBM Langflow OSS 1.0.0 CVE
HIGH 7.1 CVE-2026-10546

DNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL Component_CVE-2026-10546

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) vulnerability in the URL component ( src/lfx/src/lfx/components/...

IBM Langflow OSS 1.0.0 CVE
HIGH 8.5 CVE-2026-10129

SSRF via HTTP Redirect Following in Langflow API Request Component_CVE-2026-10129

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerability in the API Request component. An...

IBM Langflow OSS 1.0.0-1.9.3 CVE
HIGH 8.7 CVE-2026-44628

OFFIS DCMTK Toolkit Type Confusion_CVE-2026-44628

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directo...

OFFIS DICOM DCMTK Toolkit CVE
HIGH 8.7 CVE-2026-13207

Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing_CVE-2026-13207

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fai...

Frangoteam FUXA SCADA/HMI 1.3.1 CVE
HIGH 8.5 CVE-2026-11594

IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities_CVE-2026-11594

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console.

IBM WebSphere Application Server 9.0 CVE
HIGH 8.1 CVE-2025-36359

IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability._CVE-2025-36359

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to i...

IBM DevOps Automation 1.0.1 CVE
HIGH 7.8 8213BCAE-4E79-

Exploit for CVE-2026-46331_8213BCAE-4E79-5E25-9642-230C8D3F7823

CVE-2026-46331 pedit COW – Linux LPE Validation and auditd/AppArmor Detection Defensive validation report for CVE-2026-46331, focused on Linux kern...

N/A N/A GITHUBEXPLOIT
HIGH 8.8 6210915C-9723-

Exploit for XML Injection (aka Blind XPath Injection) in Samlify_Project Samlify_6210915C-9723-542E-AAB3-1FFADF0E92C4

CVE-2026-46490 — samlify SAML AttributeValue XML Injection → Privilege Escalation samlify contexts. A user-controlled value e.g. email / name place...

N/A N/A GITHUBEXPLOIT
HIGH 7.3 CVE-2026-8864

HP Fan Control App – Potential Escalation of Privilege_CVE-2026-8864

The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mit...

HP Inc. HP Fan Control App CVE