Langflow Langflow
Langflow Code Injection Vulnerability — Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.
2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.
Langflow Code Injection Vulnerability — Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.
420K government contract records from Canadian IT services firm exposed in supply chain attack
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Ir
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans
222,762 records exposed — Email addresses, IP addresses, Passwords, Usernames
340K customer records from loyalty program and online orders exposed via web app vulnerability
272K armed forces personnel payroll records exposed via compromised third-party payroll system
1.6M enterprise customer records from S/4HANA Cloud exposed via authentication bypass
580K citizen records from health and education systems exposed via MOVEit successor exploit
6M records from 140K+ tenants allegedly accessed via authentication bypass in legacy systems
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT)
Craft CMS Code Injection Vulnerability — Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.
Laravel Livewire Code Injection Vulnerability — Laravel Livewire contain a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.
Apple Multiple Products Improper Locking Vulnerability — Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected change
Apple Multiple Products Classic Buffer Overflow Vulnerability — Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause une
Apple Multiple Products Buffer Overflow Vulnerability — Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web con
1.4M Aeroplan member records compromised including travel history and passport data
920K citizen records from provincial MyAlberta Digital ID system exposed
950K patient appointment and billing records exposed via compromised scheduling vendor
Customer firewall configurations and 280K support records exposed via compromised support portal
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability — Cisco Secure Firewall Management Center (FMC) Software a
890K resident records from municipal services portal exposed in CL0P supply chain attack
903,080 records exposed — Customer service records, Email addresses, IP addresses, Names and 2 more
903,080 records exposed — Customer service comments, Email addresses, IP addresses, Names and 2 more