Lucene search
+L

255766 matches found

Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-13448 Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints

IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint /api/v1/buildpublictmp/flowid/flow . The vulnerability stems from an incomplete denylist in the validatepublicflownocodeexecution function that fails...

8.1CVSS
Exploits0References1
CVE
CVE
added 1 hour ago3 views

CVE-2026-13448

IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint /api/v1/buildpublictmp/flowid/flow . The vulnerability stems from an incomplete denylist in the validatepublicflownocodeexecution function that fails...

8.1CVSS6.3AI score
Exploits0References1
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-13473 IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow

IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM Storage Protect is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server ...

8.1CVSS
Exploits0References1
CVE
CVE
added 1 hour ago10 views

CVE-2026-13473

IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM Storage Protect is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server ...

8.1CVSS6.5AI score
Exploits0References1
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-14499 Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints

IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input in the Python Interpreter component...

8.8CVSS
Exploits0References1
CVE
CVE
added 1 hour ago6 views

CVE-2026-14499

IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input in the Python Interpreter component...

8.8CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 1 hour ago6 views

CVE-2026-15069 Multiple Vulnerabilities in IBM Engineering AI hub.

IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to execute arbitrary script code due to improper neutralization of input during web page generation...

5.4CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago8 views

CVE-2026-7755 MCP Server Configuration Validator Bypass via File Upload API

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files...

8.8CVSS
Exploits0References1
CVE
CVE
added 2 hours ago17 views

CVE-2026-7755

The IBM Security Bulletin confirms CVE-2026-7755 affects Langflow OSS versions 1.0.0–1.10.0, where the File Manager API may bypass MCP server configuration validation during file uploads. A maliciously crafted MCP configuration file (e.g., mcp_servers .json) could be uploaded via upload_user_file...

8.8CVSS6.3AI score
Exploits0References1
NVD
NVD
added 2 hours ago3 views

CVE-2026-45162

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.7, multiple Pimcore locations call PHP's unserialize on data from database columns and filesystem files without the allowedclasses restriction, including lib/Tool/Authentication.php, models/Site/Dao.php...

8CVSS0.00202EPSS
Exploits0References4
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-63030 WordPress < 7.0.2 - REST API batch-route confusion and SQL injection issue leading to Remote Code Execution

WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the authornotin WPQuery SQL Injection CVE-2026-60137, could allow an attacker to perform SQL Injection and achieve Remote Code Execution...

Exploits0References2
Vulnrichment
Vulnrichment
added 2 hours ago3 views

CVE-2026-63030 WordPress < 7.0.2 - REST API batch-route confusion and SQL injection issue leading to Remote Code Execution

WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the authornotin WPQuery SQL Injection CVE-2026-60137, could allow an attacker to perform SQL Injection and achieve Remote Code Execution...

6AI score
Exploits0References2
CVE
CVE
added 2 hours ago7 views

CVE-2026-63030

WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the authornotin WPQuery SQL Injection CVE-2026-60137, could allow an attacker to perform SQL Injection and achieve Remote Code Execution...

7.5CVSS6AI score
Exploits0References2
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-8476 Disk Cache Deserialization Remote Code Execution Vulnerability

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads function to deserialize cached objects from disk without validation, integrity verification, or...

9.9CVSS
Exploits0References1
CVE
CVE
added 2 hours ago15 views

CVE-2026-8476

Langflow OSS versions 1.0.0–1.10.0 are impacted by a remote code execution vulnerability in the disk-based cache. The AsyncDiskCache deserializes cached items with unsafe pickle.loads() without validation, allowing arbitrary code execution when an attacker can influence cached data (e.g., through...

9.9CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2 hours ago3 views

CVE-2026-8481 Remote Code Execution via Code Validation Endpoint

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python code and executes it directly using Python's built-in exec function without sandboxing, input...

9.9CVSS6.9AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-8481 Remote Code Execution via Code Validation Endpoint

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python code and executes it directly using Python's built-in exec function without sandboxing, input...

9.9CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-8505 Authentication Bypass in Webhook Endpoints Allowed Unauthorized Flow Execution

IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook authentication logic allows unauthenticated users to trigger the execution of any flow. The system incorrectly bypasses API key validation when the WEBHOOKAUTHENABLE configuration is set to False which is the default...

9.8CVSS
Exploits0References1
CVE
CVE
added 2 hours ago13 views

CVE-2026-8505

CVE-2026-8505 affects Langflow OSS 1.0.0–1.10.0. A flaw in the webhook authentication logic bypasses API key validation when WEBHOOK_AUTH_ENABLE is False (default), allowing unauthenticated remote execution of any flow and potentially RCE/DoS. IBM’s bulletin confirms the vulnerability and that th...

9.8CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago8 views

CVE-2026-45162 Pimcore: Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.7, multiple Pimcore locations call PHP's unserialize on data from database columns and filesystem files without the allowedclasses restriction, including lib/Tool/Authentication.php, models/Site/Dao.php...

8CVSS0.00202EPSS
Exploits0References4
Rows per page
Query Builder