6.9
CVE-2026-32961 - HeapโBased Buffer Overflow in Silex AMC Manager and SDโ330AC Causing Temporary Denial of Service
SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in packet data processing of sx_smpd. Processing a crafted packet may cause a temporary denial-of-service (DoS) condition.
6.9
CVE-2026-32962 - Missing Authentication Allows Device Configuration Changes
SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue. The device configuration may be altered without authentication.
5.1
CVE-2026-32963 - Reflected CrossโSite Scripting via Crafted Web Pages
SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and access some crafted web page, arbitrary script may be executed on the user's browser.
6.9
CVE-2026-32964 - Improper CRLF Neutralization Leading to Configuration Injection in Silex AMC Manager and SDโ330AC
SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences ('CRLF Injection') vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration.
8.7
CVE-2026-32965 - Insecure Default Password Allows Unauthenticated Access on Silex SDโ330AC and AMC Manager
Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial (factory-default) configuration, the device can be configured with the null string password.
5.1
CVE-2026-6600 - langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting
A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site scโฆ
5.3
CVE-2026-6599 - langflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config inโฆ
A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file src/backend/base/langflow/api/v1/mcp_projects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument Xโฆ
5.3
CVE-2026-6598 - langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage โฆ
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth_settiโฆ
5.1
CVE-2026-6597 - langflow-ai langflow Flow Using API core.py has_api_terms credentials storage
A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiateโฆ
6.9
CVE-2026-6596 - langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload
A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack rโฆ