| ベンダー | プロダクト | Version Range | ステータス |
|---|---|---|---|
| IBM | Langflow OSS | 1.0.0≤ 1.9.3 | affected |
高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| IBM | Langflow OSS | 1.0.0 ~ 1.9.3 | cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:* |
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
公開POCは見つかりませんでした。
ログインしてAI POCを生成| CVE-2026-7873 | 9.9 CRITICAL | Code Injection Vulnerability in Code Validation Endpoint |
| CVE-2026-7803 | 9.8 CRITICAL | Flow Validation Bypass via Empty Component Type Field |
| CVE-2026-10109 | 9.8 CRITICAL | IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake h |
| CVE-2026-7871 | 9.8 CRITICAL | Insecure Deserialization in Redis Cache Backend |
| CVE-2026-10140 | 9.6 CRITICAL | Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem |
| CVE-2026-11712 | 9.3 CRITICAL | IBM WebSphere Application Server is affected by a cross-site scripting vulnerability |
| CVE-2026-11708 | 9.3 CRITICAL | IBM WebSphere Application Server is affected by a cross-site scripting vulnerability |
| CVE-2026-7874 | 9.1 CRITICAL | Weak Cryptographic Key Derivation Exposed All Stored Credentials |
| CVE-2026-7663 | 9.1 CRITICAL | Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport |
| CVE-2026-10129 | 8.5 HIGH | SSRF via HTTP Redirect Following in Langflow API Request Component |
| CVE-2026-11714 | 8.5 HIGH | IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerabil |
| CVE-2026-11594 | 8.5 HIGH | IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilit |
| CVE-2026-10564 | 8.2 HIGH | SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection |
| CVE-2026-10560 | 8.2 HIGH | Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS |
| CVE-2025-36359 | 8.1 HIGH | IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability. |
| CVE-2026-13449 | 7.6 HIGH | XXE attack in IBM Business Automation Manager Open Editions |
| CVE-2026-13772 | 7.5 HIGH | IBM WebSphere eXtreme Scale's OQL is affected by remote code execution |
| CVE-2026-13759 | 7.5 HIGH | IBM WebSphere eXtreme Scale is affected by Insecure Deserilization |
| CVE-2026-11541 | 7.4 HIGH | IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by |
| CVE-2026-11806 | 7.2 HIGH | IBM WebSphere Application Server Liberty is affected by a an arbitrary file read vulnerabi |
Showing 20 of 43 CVEs. View all on vendor page →
まだコメントはありません