IBM Langflow Desktop 1.0.0 through 1.9.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to ne...
IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable syste...
Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in th...
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This overs...
A critical vulnerability in Langflow discovered in December 2025 is now under active exploitation. Users and administrators are advised to update to the latest version immediately.
Microsoft has released security updates addressing a remote code execution vulnerability in SharePoint. Users and administrators of affected products are advised to update to the latest versions immediately.
Palo Alto Networks has identified a critical vulnerability affecting the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS software and Prisma Access that allows attackers to establish unauthorised VPN connec...
Oracle has released security updates to address multiple vulnerabilities across several Oracle products that could allow unauthenticated attackers to compromise and take over affected systems. Users and administrators of...