CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30 matches found

vulnersOsv•added 2026/05/03 3:24 p.m.•2 views

dzbanek-langflow-base (>=0.6.0 <=0.6.1), langflow-base (>=0.7.0 <=0.8.0rc2) +1 more potentially affected by CVE-2026-7700 via lfx (>=0.1.13 <=0.3.4)

lfx PYPI version =0.1.13, =0.6.0, =0.7.0, =0.8.0rc2 - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-7700 Source advisory: SNYK:PYTHON-LFX-16479357...

6.5CVSS6.5AI score0.00015EPSS

Exploits0

vulnersOsv•added 2026/05/03 10:15 a.m.•5 views

dzbanek-langflow-base (>=0.6.0 <=0.6.1), langflow-base (>=0.7.0 <=0.8.0rc2) +1 more potentially affected by CVE-2026-7687 via lfx (>=0.1.13 <=0.3.4)

lfx PYPI version =0.1.13, =0.6.0, =0.7.0, =0.8.0rc2 - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-7687 Source advisory: SNYK:PYTHON-LFX-16479355...

6.5CVSS6.5AI score0.00339EPSS

Exploits0

vulnersOsv•added 2026/04/20 5:12 a.m.•0 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-6598 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-6598 Source advisory: SNYK:PYTHON-LANGFLOWBASE-16110822...

5.3CVSS5.8AI score0.00014EPSS

Exploits0

vulnersOsv•added 2026/04/20 5:10 a.m.•1 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-6599 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-6599 Source advisory: SNYK:PYTHON-LANGFLOWBASE-16110821...

6.5CVSS6.5AI score0.00053EPSS

Exploits0

Snyk•added 2026/04/20 4:11 a.m.•2 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the createuploadfile function. An attacker can upload arbitrary files by sending crafted requests to the affected API endpoint. Remediation Upgrade langflow-base to version 0.8.0 or higher. References - GitHub...

9.4CVSS7.2AI score0.00054EPSS

Exploits0References2

vulnersOsv•added 2026/04/20 4:11 a.m.•2 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-6596 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-6596 Source advisory: SNYK:PYTHON-LANGFLOWBASE-16110820...

7.5CVSS7AI score0.00054EPSS

Exploits0

vulnersOsv•added 2026/04/20 3:34 a.m.•4 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-6596 via langflow-base (=0.7.2)

7.5CVSS7AI score0.00054EPSS

Exploits0

vulnersOsv•added 2026/03/27 9:32 p.m.•0 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-33873 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-33873 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15812241...

9.9CVSS5.8AI score0.00065EPSS

Exploits1

Snyk•added 2026/03/27 7:36 p.m.•1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the readflow helper in src/backend/base/langflow/api/v1/flows.py. An attacker can read, modify, or delete another user's flow by supplying that flow's UUID to the GET, PATCH, or DELETE /api/v1/flow/flowid...

8.8CVSS5.9AI score0.0004EPSS

Exploits0References3

vulnersOsv•added 2026/03/27 5:31 p.m.•0 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-5027 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-5027 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15842030...

8.8CVSS5.8AI score0.00035EPSS

Exploits3

Snyk•added 2026/03/27 5:31 p.m.•3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the downloadimage endpoint. An attacker can access and download image files belonging to any flow by knowing or guessing the flow ID and file name. Remediation There is no fixed version for langflow-base...

6.3CVSS5.9AI score0.0006EPSS

Exploits0References2

vulnersOsv•added 2026/03/27 5:31 p.m.•0 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-5022 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-5022 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15840036...

6.3CVSS5.8AI score0.0006EPSS

Exploits0

vulnersOsv•added 2026/03/27 5:31 p.m.•1 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-5026 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-5026 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15814086...

7CVSS5.8AI score0.00052EPSS

Exploits0

vulnersOsv•added 2026/03/27 5:31 p.m.•0 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-5025 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-5025 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15813866...

6.5CVSS5.8AI score0.00071EPSS

Exploits0

vulnersOsv•added 2026/03/20 8:47 p.m.•0 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-33484 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-33484 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15746998...

7.5CVSS5.8AI score0.0005EPSS

Exploits1

vulnersOsv•added 2026/03/20 8:43 a.m.•0 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-33053 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-33053 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15701926...

8.8CVSS5.8AI score0.00057EPSS

Exploits0

Snyk•added 2026/03/20 8:43 a.m.•3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the deleteapikeyroute endpoint. An attacker can delete API keys belonging to other users by providing the apikeyid of a key they do not own. Remediation Upgrade langflow-base to versio...

9.6CVSS5.8AI score0.00057EPSS

Exploits0References2

Snyk•added 2026/03/19 5:46 p.m.•1 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path in the POST /api/v2/files/ endpoint. An attacker can execute arbitrary code, overwrite critical files, or gain unauthorized access by uploading files with crafted filenames that bypass containment...

9.9CVSS6.1AI score0.00065EPSS

Exploits1References2

vulnersOsv•added 2026/03/19 5:46 p.m.•0 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-33309 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-33309 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15702032...

9.9CVSS5.8AI score0.00065EPSS

Exploits1

vulnersOsv•added 2026/03/17 8:5 p.m.•0 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-33017 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-33017 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15680351...

9.8CVSS6AI score0.23981EPSS

Exploits16

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by