7.1
CVE-2026-32960 - Authentication Bypass via Sensitive Resource Reuse in Silex AMC Manager and SD-330AC
SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet.
6.9
CVE-2026-32961 - HeapβBased Buffer Overflow in Silex AMC Manager and SDβ330AC Causing Temporary Denial of Service
SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in packet data processing of sx_smpd. Processing a crafted packet may cause a temporary denial-of-service (DoS) condition.
6.9
CVE-2026-32962 - Missing Authentication Allows Device Configuration Changes
SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue. The device configuration may be altered without authentication.
5.1
CVE-2026-32963 - Reflected CrossβSite Scripting via Crafted Web Pages
SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and access some crafted web page, arbitrary script may be executed on the user's browser.
6.9
CVE-2026-32964 - Improper CRLF Neutralization Leading to Configuration Injection in Silex AMC Manager and SDβ330AC
SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences ('CRLF Injection') vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration.
8.7
CVE-2026-32965 - Insecure Default Password Allows Unauthenticated Access on Silex SDβ330AC and AMC Manager
Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial (factory-default) configuration, the device can be configured with the null string password.
5.1
CVE-2026-6600 - langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting
A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site scβ¦
5.3
CVE-2026-6599 - langflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config inβ¦
A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file src/backend/base/langflow/api/v1/mcp_projects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument Xβ¦
5.3
CVE-2026-6598 - langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage β¦
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth_settiβ¦
5.1
CVE-2026-6597 - langflow-ai langflow Flow Using API core.py has_api_terms credentials storage
A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiateβ¦