Summary
Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
References
Related vulnerabilities
All Supply chain →- HIGHGHSA-72GW-MP4G-V24J
Multer vulnerable to Denial of Service via deeply nested field names
- MEDIUMGHSA-FG94-H982-F3MM
Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch
- HIGHGHSA-RJXQ-QQHF-8HWH
OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin
- MEDIUMGHSA-5JV2-G5WQ-CMR4
vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving
- CRITICALGHSA-QW24-GH76-8RVV
Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix
- HIGHGHSA-RM2V-H48J-895M
n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host