Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.2 CVE-2026-56264

Crawl4AI – Arbitrary JavaScript Execution via /execute_js Endpoint_CVE-2026-56264

Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /execute_js endpoint, which accepts and e...

Crawl4AI Crawl4AI 0.8.7 CVE
CRITICAL 10 CVE-2026-56415

OS Command Injection in StoneFly Storage Concentrator_CVE-2026-56415

Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A ...

StoneFly Storage Concentrator CVE
CRITICAL 10 CVE-2026-56413

OS Command Injection in StoneFly Storage Concentrator_CVE-2026-56413

Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default...

StoneFly Storage Concentrator CVE
CRITICAL 9.2 CVE-2026-55721

SQL Injection in StoneFly Storage Concentrator_CVE-2026-55721

Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie va...

StoneFly Storage Concentrator CVE
CRITICAL 9.3 CVE-2026-50110

Use of Hard-coded Credentials in StoneFly Storage Concentrator_CVE-2026-50110

Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the cred...

StoneFly Storage Concentrator CVE
CRITICAL 9.1 CVE-2026-7874

Weak Cryptographic Key Derivation Exposed All Stored Credentials_CVE-2026-7874

IBM Langflow OSS 1.0.0 through 1.10.0 could allow disclosure of all stored credentials due to the use of a weak and reversible key derivat...

IBM Langflow OSS 1.0.0 CVE
CRITICAL 9.9 CVE-2026-7873

Code Injection Vulnerability in Code Validation Endpoint_CVE-2026-7873

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credential...

IBM Langflow OSS 1.0.0 CVE
CRITICAL 9.8 CVE-2026-7871

Insecure Deserialization in Redis Cache Backend_CVE-2026-7871

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all s...

IBM Langflow OSS 1.0.0 CVE
CRITICAL 9.8 CVE-2026-7803

Flow Validation Bypass via Empty Component Type Field_CVE-2026-7803

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component...

IBM Langflow OSS 1.0.0 CVE
CRITICAL 9.1 CVE-2026-7663

Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass_CVE-2026-7663

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due...

IBM Langflow OSS 1.0.0-1.9.6 CVE