| 151 | 6.5 | MEDIUM | Network | - | - | IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, pote… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-3340 | 2026-05-2 00:27 | 2026-05-1 |
| 152 | 6.4 | MEDIUM | Network | - | - | IBM Langflow Desktop 1.6.0 through 1.8.4 Langflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus al… | New | CWE-89 SQL Injection | CVE-2026-3346 | 2026-05-2 00:27 | 2026-05-1 |
| 153 | 6.5 | MEDIUM | Network | - | - | IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot d… | New | CWE-22 Path Traversal | CVE-2026-4502 | 2026-05-2 00:27 | 2026-05-1 |
| 154 | 7.5 | HIGH | Network | - | - | IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key. | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-4503 | 2026-05-2 00:27 | 2026-05-1 |
| 155 | 5.3 | MEDIUM | Adjacent | - | - | IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions. | New | CWE-923 Improper Restriction of Communication Channel to Intended Endpoints | CVE-2025-36180 | 2026-05-2 00:27 | 2026-05-1 |
| 156 | 6.2 | MEDIUM | Local | - | - | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user. | New | CWE-256 Plaintext Storage of a Password | CVE-2025-36335 | 2026-05-2 00:27 | 2026-05-1 |
| 157 | 6.4 | MEDIUM | Network | - | - | IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to ru… | New | CWE-284 Improper Access Control | CVE-2026-2311 | 2026-05-2 00:27 | 2026-05-1 |
| 158 | 6.5 | MEDIUM | Network | - | - | IBM Langflow Desktop <=1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../)… | New | CWE-22 Path Traversal | CVE-2026-3345 | 2026-05-2 00:27 | 2026-05-1 |
| 159 | 8.8 | HIGH | Local | - | - | IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An a… | New | CWE-269 Improper Privilege Management | CVE-2026-6389 | 2026-05-2 00:27 | 2026-05-1 |
| 160 | 6.5 | MEDIUM | Network | - | - | IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for an… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-6542 | 2026-05-2 00:27 | 2026-05-1 |