5.1
CVE-2026-32963 - Reflected CrossβSite Scripting via Crafted Web Pages
SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and access some crafted web page, arbitrary script may be executed on the user's browser.
6.9
CVE-2026-32964 - Improper CRLF Neutralization Leading to Configuration Injection in Silex AMC Manager and SDβ330AC
SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences ('CRLF Injection') vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration.
8.7
CVE-2026-32965 - Insecure Default Password Allows Unauthenticated Access on Silex SDβ330AC and AMC Manager
Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial (factory-default) configuration, the device can be configured with the null string password.
5.1
CVE-2026-6600 - langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting
A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site scβ¦
5.3
CVE-2026-6599 - langflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config inβ¦
A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file src/backend/base/langflow/api/v1/mcp_projects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument Xβ¦
5.3
CVE-2026-6598 - langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage β¦
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth_settiβ¦
5.1
CVE-2026-6597 - langflow-ai langflow Flow Using API core.py has_api_terms credentials storage
A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiateβ¦
6.9
CVE-2026-6596 - langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload
A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack rβ¦
6.9
CVE-2026-6595 - ProjectsAndPrograms School Management System HTTP GET Parameter buslocation.php sql injection
A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument bus_id leads to sql injectβ¦
6.9
CVE-2026-6594 - brikcss merge prototype pollution
A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The vβ¦