Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.9 CVE-2026-7873

Code Injection Vulnerability in Code Validation Endpoint

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credential...

IBM Langflow OSS 1.0.0 CVE
CRITICAL 9.8 CVE-2026-7871

Insecure Deserialization in Redis Cache Backend

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all s...

IBM Langflow OSS 1.0.0 CVE
CRITICAL 9.8 CVE-2026-7803

Flow Validation Bypass via Empty Component Type Field

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component...

IBM Langflow OSS 1.0.0 CVE
CRITICAL 9.1 CVE-2026-7663

Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due...

IBM Langflow OSS 1.0.0-1.9.6 CVE
CRITICAL 9.3 CVE-2026-11712

IBM WebSphere Application Server is affected by a cross-site scripting vulnerability

IBM WebSphere Application Server 9.0 and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system.

IBM WebSphere Application Server 9.0 CVE
CRITICAL 9.3 CVE-2026-11708

IBM WebSphere Application Server is affected by a cross-site scripting vulnerability

IBM WebSphere Application Server 9.0 and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help s...

IBM WebSphere Application Server 9.0 CVE
CRITICAL 9.6 CVE-2026-10140

Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries....

IBM Langflow OSS 1.0.0 CVE
CRITICAL 10 CVE-2026-10134

Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, convers...

IBM Langflow OSS 1.0.0 CVE
CRITICAL 9.8 CVE-2026-10109

IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.

IBM Db2 11.5.0 CVE
CRITICAL 9.8 21D020CF-21B0-

Exploit for CVE-2026-58138_21D020CF-21B0-55A8-BA7E-316F76903171

CVE-2026-58138 — Conductor Unauthenticated RCE via INLINE GraalVM Evaluator Conductor OSS / Orkes 3.21.21 … before 3.30.2 evaluates user-supplied J...

N/A N/A GITHUBEXPLOIT