Cyber Security Alerts
- Home
- »
- Cyber Alerts
Blueteq Cyber Alerts
Latest High & Critical Vulnerabilities
Blueteq’s Cyber Alerts keep watch so you don’t have to. We continuously monitor newly published critical and high-risk vulnerabilities, analysing emerging threats as they appear. This page provides clear visibility of the issues that matter most, helping you stay protected.
CVE ID :CVE-2026-53727 Published : July 17, 2026, 9:17 p.m. | 2 hours, 3 minutes ago Description :css_parser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parser#read_remote_file in lib/css_parser/parser.rb, and therefore load_uri! and the @import-following branch of add_block!, issued HTTP and...Read more
Date: 2026-07-17
CVE ID :CVE-2026-54159 Published : July 17, 2026, 9:17 p.m. | 2 hours, 3 minutes ago Description :PrestaShop ps_facetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the ps_facetedsearch module rebuilds selected search filters from the request URL,...Read more
Date: 2026-07-17
CVE ID :CVE-2026-48062 Published : July 17, 2026, 9:17 p.m. | 2 hours, 3 minutes ago Description :CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3, the ext_in upload validation rule in system/Validation/StrictRules/FileRules.php checked the MIME-derived guessed extension instead of the...Read more
Date: 2026-07-17
CVE ID :CVE-2026-13445 Published : July 17, 2026, 8:44 p.m. | 36 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the SaveToFile component to read and modify another user's uploaded files by specifying...Read more
Date: 2026-07-17
CVE ID :CVE-2026-13446 Published : July 17, 2026, 8:43 p.m. | 36 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8505 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook authentication logic allows unauthenticated users to trigger the execution of any flow. The...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8635 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8859 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the...Read more
Date: 2026-07-17
CVE ID :CVE-2026-7755 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files. ...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8056 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8476 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads() function...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8481 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python...Read more
Date: 2026-07-17
CVE ID :CVE-2026-7667 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted...Read more
Date: 2026-07-17
CVE ID :CVE-2026-60137 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the author__not_in parameter of WP_Query, which could allow SQL Injection...Read more
Date: 2026-07-17
CVE ID :CVE-2026-50289 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :systeminformation is a System and OS information library for node.js. Prior to 5.31.7, networkInterfaces() on Linux is vulnerable to OS command injection through the Debian/Ubuntu...Read more
Date: 2026-07-17
Latest Vulnerabilities
CVE ID :CVE-2026-53727 Published : July 17, 2026, 9:17 p.m. | 2 hours, 3 minutes ago Description :css_parser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parser#read_remote_file in lib/css_parser/parser.rb, and therefore load_uri! and the @import-following branch of add_block!, issued HTTP and...Read more
Date: 2026-07-17
CVE ID :CVE-2026-54159 Published : July 17, 2026, 9:17 p.m. | 2 hours, 3 minutes ago Description :PrestaShop ps_facetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the ps_facetedsearch module rebuilds selected search filters from the request URL,...Read more
Date: 2026-07-17
CVE ID :CVE-2026-48062 Published : July 17, 2026, 9:17 p.m. | 2 hours, 3 minutes ago Description :CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3, the ext_in upload validation rule in system/Validation/StrictRules/FileRules.php checked the MIME-derived guessed extension instead of the...Read more
Date: 2026-07-17
CVE ID :CVE-2026-13445 Published : July 17, 2026, 8:44 p.m. | 36 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the SaveToFile component to read and modify another user's uploaded files by specifying...Read more
Date: 2026-07-17
CVE ID :CVE-2026-13446 Published : July 17, 2026, 8:43 p.m. | 36 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8505 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook authentication logic allows unauthenticated users to trigger the execution of any flow. The...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8635 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8859 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the...Read more
Date: 2026-07-17
CVE ID :CVE-2026-7755 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files. ...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8056 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8476 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads() function...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8481 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python...Read more
Date: 2026-07-17
CVE ID :CVE-2026-7667 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted...Read more
Date: 2026-07-17
CVE ID :CVE-2026-60137 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the author__not_in parameter of WP_Query, which could allow SQL Injection...Read more
Date: 2026-07-17
CVE ID :CVE-2026-50289 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :systeminformation is a System and OS information library for node.js. Prior to 5.31.7, networkInterfaces() on Linux is vulnerable to OS command injection through the Debian/Ubuntu...Read more
Date: 2026-07-17