7 matches found
Arbitrary Code Injection
Langflow is vulnerable to Arbitrary Code Injection. The vulnerability is due to the validation process dynamically executing LLM‑generated Python code via exec, where the validation routine runs the generated code and an attacker who can influence the model output can achieve arbitrary server‑sid...
EUVD-2026-11338
PingPong is a platform for using large language models (LLMs) for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files, including user-uploade...
CVE-2026-32097
PingPong, a platform for teaching/learning with LLMs, has a vulnerability prior to 7.27.2 where an authenticated user could retrieve or delete files outside the intended authorization scope. The issue allows retrieval of private files and deletion of files (including user uploads and model output...
CVE-2025-63872
DeepSeek V3.2 has a Cross-Site Scripting (XSS) vulnerability, which allows JavaScript execution through model-generated SVG content...
EUVD-2025-200270
DeepSeek V3.2 has a Cross-Site Scripting (XSS) vulnerability, which allows JavaScript execution through model-generated SVG content...
CVE-2025-63872
DeepSeek V3.2 is affected by an XSS vulnerability that allows JavaScript execution through model-generated SVG content. The CVE-2025-63872 entry notes a network-based vulnerability with low exploit complexity and requiring user interaction, resulting in a Medium (6.1) base score per CVSS 3.1. Mu...
CVE-2025-63872
DeepSeek V3.2 has a Cross-Site Scripting (XSS) vulnerability, which allows JavaScript execution through model-generated SVG content...