Lucene search
K

7 matches found

CVE
CVE
added 2026/07/02 7:38 p.m.19 views

CVE-2026-58579

RAGFlow before 0.26.3 stores an agent pipeline (DSL) node name without sanitization. The update endpoint normalizes DSL via JSON serialization but preserves the node name, and the dataflow-result UI renders it with dangerouslySetInnerHTML while i18next escapeValue is false, allowing an authentica...

5.4CVSS5.9AI score0.00182EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.4 views

PT-2026-34236

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description A flaw exists in the run method of the CSV Agents class due to improper sandboxing when evaluating Python scripts generated by a Large Language Model LLM. An unauthenticated attacker can use prompt...

9.8CVSS5.8AI score0.01028EPSS
Exploits3References12
OSV
OSV
added 2026/02/26 1:55 a.m.14 views

CVE-2026-27966 Langflow has Remote Code Execution in CSV Agent

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python an...

9.8CVSS6.3AI score0.33694EPSS
Exploits4References4
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.19 views

PT-2026-22107

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.8.0 Description Langflow is a tool for building and deploying AI-powered agents and workflows. In the CSV Agent node, the variable allow dangerous code is hardcoded to True, which automatically exposes LangChain's...

9.8CVSS8AI score0.33694EPSS
Exploits4References27
OSV
OSV
added 2025/08/23 2:33 p.m.2 views

MAL-2025-41309 Malicious code in montage-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 285d4d62fe8147f0b104cedb1c1bc54ecc1a11483fb2240f89369ddd2de3b7d3 The OpenSSF Package Analysis project identified 'montage-agent' @ 99.0.9 npm as malicious. It is considered malicious because: - The package...

7.3AI score
Exploits0
vulnersOsv
vulnersOsv
added 2023/08/01 5:0 p.m.8 views

@emberai/agent-node (>=1.1.0 <=1.2.0), @pnpm/beta (>=0.0.0 <=0.0.6-6.17.0) +1 more potentially affected by CVE-2023-37478 via @pnpm/linux-x64 (>=0.0.0 <=7.33.3)

@pnpm/linux-x64 NPM version =0.0.0, =1.1.0, =0.0.0, =6.17.1, =11.5.3 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/08/01 5:0 p.m.15 views

@emberai/agent-node (>=1.1.0 <=1.2.0), @pnpm/beta (>=0.0.0 <=0.0.6-6.17.0) +1 more potentially affected by CVE-2023-37478 via @pnpm/win-x64 (>=0.0.0 <=7.33.3)

@pnpm/win-x64 NPM version =0.0.0, =1.1.0, =0.0.0, =6.17.1, =11.5.3 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
Rows per page
Query Builder