PYSEC-2024-177

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/customcomponent" endpoint and provide a Python script...

Langflow Security Vulnerabilities

Langflow is a visualization framework for building multi-agent and RAG applications from the Langflow open source. A security vulnerability exists in Langflow version 0.6.19 that originates if an untrusted user can reach the POST /api/v1/customcomponent endpoint and provide a Python script, then...

PT-2024-27242 · Langflow · Langflow

Name of the Vulnerable Software and Affected Versions: Langflow versions 0.6.19 and earlier Description: The issue allows remote code execution if untrusted users can reach the "POST /api/v1/custom component" endpoint and provide a Python script. Recommendations: For Langflow versions 0.6.19 and...

formio-workers (>=1.0.0 <=1.5.0), ng2-formio (>=1.0.0-rc.24 <=1.0.0-rc.28) +1 more potentially affected by CVE-2020-28246 via formio (=1.91.13)

formio NPM version =1.91.13 is affected by a known vulnerability. The following packages have a transitive dependency on formio and may be impacted: - formio-workers =1.0.0, =1.0.0-rc.24, =1.0.0-rc.28 - v-formio-custom-component =0.1.1 Source cves: CVE-2020-28246 Source advisory:...

Design/Logic Flaw

UR+ Universal Robots+ is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots e.g. in the UR10, no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universa...