Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.2 CVE-2026-55721

SQL Injection in StoneFly Storage Concentrator_CVE-2026-55721

Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie va...

StoneFly Storage Concentrator CVE
CRITICAL 9.3 CVE-2026-50110

Use of Hard-coded Credentials in StoneFly Storage Concentrator_CVE-2026-50110

Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the cred...

StoneFly Storage Concentrator CVE
CRITICAL 9.1 CVE-2026-7874

Weak Cryptographic Key Derivation Exposed All Stored Credentials_CVE-2026-7874

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivat...

IBM Langflow OSS 1.0.0 CVE
CRITICAL 9.9 CVE-2026-7873

Code Injection Vulnerability in Code Validation Endpoint_CVE-2026-7873

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credential...

IBM Langflow OSS 1.0.0 CVE
CRITICAL 9.8 CVE-2026-7871

Insecure Deserialization in Redis Cache Backend_CVE-2026-7871

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all s...

IBM Langflow OSS 1.0.0 CVE
CRITICAL 9.8 CVE-2026-7803

Flow Validation Bypass via Empty Component Type Field_CVE-2026-7803

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component...

IBM Langflow OSS 1.0.0 CVE
CRITICAL 9.1 CVE-2026-7663

Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass_CVE-2026-7663

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due...

IBM Langflow OSS 1.0.0-1.9.6 CVE
CRITICAL 9.3 CVE-2026-11712

IBM WebSphere Application Server is affected by a cross-site scripting vulnerability_CVE-2026-11712

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system.

IBM WebSphere Application Server 9.0 CVE
CRITICAL 9.3 CVE-2026-11708

IBM WebSphere Application Server is affected by a cross-site scripting vulnerability_CVE-2026-11708

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help s...

IBM WebSphere Application Server 9.0 CVE
CRITICAL 9.6 CVE-2026-10140

Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem_CVE-2026-10140

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries....

IBM Langflow OSS 1.0.0 CVE