Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-33484
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flow_id and file_name returns the image with HTTP 200. In a multi-tenant deployment, any attacker who can discover or guess a `flow_id` (UUIDs can be leaked through other API responses) can download any user's uploaded images without credentials. Version 1.9.0 contains a patch.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-24
CVE-2026-33497
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which allows the secret_key to be read across directories. Version 1.7.1 contains a patch.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4722
Privilege escalation in the IPC component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4723
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4724
Undefined behavior in the Audio/Video component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
9.1
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4725
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
10.0
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4726
Denial-of-service in the XML component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4727
Denial-of-service in the Libraries component in NSS. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4728
Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-03-24
CVE-2026-4729
Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-03-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved