ReportizFlow
Filtered by vendor Langfuse
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59305 | 1 Langfuse | 1 Langfuse | 2025-09-26 | 7.6 High |
| Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated user to invoke migration control functions. This can lead to data corruption or denial of service through unauthorized access to TRPC endpoints such as backgroundMigrations.all, backgroundMigrations.status, and backgroundMigrations.retry. | ||||
| CVE-2025-9799 | 1 Langfuse | 1 Langfuse | 2025-09-02 | 5 Medium |
| A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited. | ||||
Page 1 of 1.