Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

36544 matches found

Snyk
Snykadded 2026/01/23 5:8 a.m.7 views

Arbitrary Code Injection

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Arbitrary Code Injection via the loadtoolmodulebyid function in the utils/plugin.py file. An attacker can execute arbitrary code in the context of the service account by supplying a crafted string that is not...

8.8CVSS8.6AI score0.27227EPSS
Exploits1References2
Snyk
Snykadded 2026/01/23 5:8 a.m.5 views

Arbitrary Code Injection

Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of Python function components. An attacker can execute arbitrary code by...

7.5CVSS7.4AI score0.00551EPSS
Exploits1References2
Snyk
Snykadded 2026/01/23 5:8 a.m.5 views

Arbitrary Code Injection

Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of Python function components. An attacker can execute arbitrary code by introducing custom Python code into a workflow. Remediati...

7.5CVSS7.4AI score0.00551EPSS
Exploits1References2
EUVD
EUVDadded 2026/01/23 4:35 a.m.3 views

EUVD-2026-4324

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8CVSS5.8AI score0.00528EPSS
Exploits0References3
OSV
OSVadded 2026/01/23 4:16 a.m.4 views

CVE-2026-0768

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...

9.8CVSS6.6AI score
Exploits0References1
NVD
NVDadded 2026/01/23 4:16 a.m.5 views

CVE-2026-0761

Foundation Agents MetaGPT actionoutputstrtomapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The...

9.8CVSS0.01051EPSS
Exploits0References1
OSV
OSVadded 2026/01/23 4:16 a.m.2 views

CVE-2026-0761

Foundation Agents MetaGPT actionoutputstrtomapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The...

9.8CVSS6.6AI score
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/01/23 3:28 a.m.4 views

CVE-2026-0771 Langflow PythonFunction Code Injection Remote Code Execution Vulnerability

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...

7.1CVSS6.5AI score0.00551EPSS
Exploits1References1
CVE
CVEadded 2026/01/23 3:28 a.m.13 views

CVE-2026-0771

CVE-2026-0771 affects Langflow where the vulnerability stems from the handling of Python function components. The flaw may allow an attacker to introduce custom Python code into a workflow, leading to remote code execution with the application’s context. The root cause involves unsafe handling of...

7.1CVSS6.5AI score0.00551EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2026/01/23 3:28 a.m.28 views

CVE-2026-0771 Langflow PythonFunction Code Injection Remote Code Execution Vulnerability

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...

7.1CVSS0.00551EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/01/23 3:28 a.m.6 views

CVE-2026-0768

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...

9.8CVSS6.3AI score0.02035EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/01/23 3:28 a.m.28 views

CVE-2026-0768 Langflow code Code Injection Remote Code Execution Vulnerability

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...

9.8CVSS0.02035EPSS
Exploits1References1
CVE
CVEadded 2026/01/23 3:28 a.m.13 views

CVE-2026-0768

CVE-2026-0768 affects Langflow. The vulnerability is in the validate endpoint’s handling of the code parameter, where unvalidated user-supplied Python code is executed via exec(), enabling remote code execution with root privileges. Concrete details in connected docs show the issue resides in val...

9.8CVSS6.5AI score0.02035EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/01/23 3:28 a.m.6 views

CVE-2026-0768 Langflow code Code Injection Remote Code Execution Vulnerability

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...

9.8CVSS6.5AI score0.02035EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/01/23 3:28 a.m.3 views

CVE-2026-0761 Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability

Foundation Agents MetaGPT actionoutputstrtomapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The...

9.8CVSS6.5AI score0.01051EPSS
Exploits0References1
CVE
CVEadded 2026/01/23 3:28 a.m.11 views

CVE-2026-0761

The CVE-2026-0761 issue affects Foundation Agents MetaGPT, where the function actionoutput_str_to_mapping accepts user-supplied strings without proper validation, allowing remote code execution in the service account context. Reports from Red Hat and NVD summarize the flaw as a Python code execut...

9.8CVSS6.5AI score0.01051EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/01/23 3:28 a.m.32 views

CVE-2026-0761 Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability

Foundation Agents MetaGPT actionoutputstrtomapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The...

9.8CVSS0.01051EPSS
Exploits0References1
NVD
NVDadded 2026/01/23 12:15 a.m.13 views

CVE-2026-24132

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

9.8CVSS0.00678EPSS
Exploits0References9
CNNVD
CNNVDadded 2026/01/23 12:0 a.m.6 views

Langflow code injection vulnerability

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a code injection vulnerability, which arises from the possibility of introducing custom code when handling Python function components. This vulnerability may lead t...

7.1CVSS7.4AI score0.00551EPSS
Exploits1References1
CNNVD
CNNVDadded 2026/01/23 12:0 a.m.5 views

Langflow security vulnerabilities

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a security vulnerability, which stems from the lack of validation for strings provided by users in the implementation of the evalcustomcomponentcode function. This...

9.8CVSS7.6AI score0.33827EPSS
Exploits1References1
Rows per page
Query Builder