Lucene search
K

757 matches found

OSV
OSV
added 2025/08/25 4:22 p.m.5 views

CVE-2025-57760 Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in...

8.8CVSS6.8AI score0.00433EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/08/25 4:21 p.m.8 views

Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)

This vulnerability was discovered by researchers at Check Point. We are sharing this report as part of a responsible disclosure process and are happy to assist in validation and remediation if needed. Summary A privilege escalation vulnerability exists in Langflow containers where an authenticate...

8.8CVSS7.5AI score0.00433EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2025/08/25 4:21 p.m.5 views

GHSA-4GV9-MP8M-592R Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)

This vulnerability was discovered by researchers at Check Point. We are sharing this report as part of a responsible disclosure process and are happy to assist in validation and remediation if needed. Summary A privilege escalation vulnerability exists in Langflow containers where an authenticate...

8.8CVSS7.5AI score0.00433EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.4 views

PT-2025-34678

Name of the Vulnerable Software and Affected Versions: Langflow affected versions not specified Description: Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with Remote Co...

8.8CVSS7AI score0.00433EPSS
Exploits0References17
CNNVD
CNNVD
added 2025/08/25 12:0 a.m.6 views

Langflow 安全漏洞

Langflow is a visualization framework for building multi-agent and RAG applications open-sourced by Langflow. A security vulnerability exists in Langflow that stems from improper management of permissions within a container, which could lead to elevation of privilege...

8.8CVSS6.4AI score0.00433EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2025/07/16 12:0 a.m.182 views

📄 Langflow 1.2.x Remote Code Execution

Langflow exposes a vulnerable endpoint /api/v1/validate/code that improperly evaluates arbitrary Python code via the exec function. An unauthenticated remote attacker can execute arbitrary system commands. Versions 1.2.x and below are affected. !/usr/bin/env python3 Exploit Title: Langflow 1.2.x ...

9.8CVSS8.3AI score0.99972EPSS
Exploits33
Exploit DB
Exploit DB
added 2025/07/16 12:0 a.m.269 views

Langflow 1.2.x - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Langflow 1.2.x - Remote Code Execution RCE Date: 2025-07-11 Exploit Author: Raghad Abdallah Al-syouf Vendor Homepage: https://github.com/logspace-ai/langflow Software Link: https://github.com/logspace-ai/langflow/releases Version: = 1.2.x Tested on: Ubuntu /...

9.8CVSS7.4AI score0.99972EPSS
Exploits33
GithubExploit
GithubExploit
added 2025/07/06 1:49 a.m.270 views

Exploit for Code Injection in Langflow

CVE-2025-3248: Langflow Unauthenticated Remote Code Execution...

9.8CVSS9.9AI score0.99972EPSS
Exploits33
GithubExploit
GithubExploit
added 2025/07/03 7:51 p.m.353 views

Exploit for Code Injection in Langflow

CVE-2024-48061 Langflow vulnerable to remote code execution...

9.8CVSS7AI score0.01318EPSS
Exploits2
GithubExploit
GithubExploit
added 2025/06/28 1:3 a.m.270 views

Exploit for Code Injection in Langflow

CVE-2025-3248 - Langflow Code Validation Endpoint RCE A proof...

9.8CVSS10AI score0.99972EPSS
Exploits33
GithubExploit
GithubExploit
added 2025/06/25 3:40 a.m.328 views

Exploit for Code Injection in Langflow

⚠️ Langflow RCE Exploit Scanner CVE-2025-3248 This Python-b...

9.8CVSS10AI score0.99972EPSS
Exploits33
GithubExploit
GithubExploit
added 2025/06/23 9:36 a.m.194 views

Exploit for Code Injection in Langflow

Langflow CVE-2025-3248 Exploit Tool !Severityhttps://img.s...

9.8CVSS10AI score0.99972EPSS
Exploits33
GithubExploit
GithubExploit
added 2025/06/23 1:23 a.m.277 views

Exploit for Code Injection in Langflow

Langflow RCE Exploit CVE-2025-3248 !Python Versionhttps:...

9.8CVSS10AI score0.99972EPSS
Exploits33
GithubExploit
GithubExploit
added 2025/06/22 4:30 p.m.240 views

Exploit for Code Injection in Langflow

CVE-2025-3248 Langflow RCE Scanner 🔍 Description A powerf...

9.8CVSS10AI score0.99972EPSS
Exploits33
GithubExploit
GithubExploit
added 2025/06/22 3:49 p.m.296 views

Exploit for Code Injection in Langflow

CVE-2025-3248 – Unauthenticated Remote Code Execution in Langf...

9.8CVSS10AI score0.99972EPSS
Exploits33
GithubExploit
GithubExploit
added 2025/06/19 6:30 a.m.286 views

Exploit for Code Injection in Langflow

CVE-2025-3248 — Langflow RCE Exploit Remote Code Execution R...

9.8CVSS10AI score0.99972EPSS
Exploits33
GithubExploit
GithubExploit
added 2025/06/18 7:27 p.m.265 views

Exploit for Code Injection in Langflow

CVE-2025-3248 — Langflow AI Remote Code Execution Unauthentic...

9.8CVSS10AI score0.99972EPSS
Exploits33
GithubExploit
GithubExploit
added 2025/06/18 3:42 a.m.248 views

Exploit for Code Injection in Langflow

Langflow CVE-2025-3248 Exploit A Python-based exploit for CVE...

9.8CVSS10AI score0.99972EPSS
Exploits33
OSV
OSV
added 2025/06/17 8:14 p.m.5 views

GHSA-RVQX-WPFH-MFX7 Langflow Unauth RCE

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...

9.3CVSS8.3AI score0.99972EPSS
Exploits51References9
Github Security Blog
Github Security Blog
added 2025/06/17 8:14 p.m.21 views

Langflow Unauth RCE

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...

9.8CVSS9.9AI score0.99972EPSS
Exploits33References9Affected Software2
Rows per page
Query Builder