CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

Metasploit•added 2026/04/23 7:0 p.m.•291 views

Langflow RCE

The CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain's Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution RCE. Module...

9.8CVSS9.2AI score0.33694EPSS

Exploits3

Packet Storm•added 2026/04/23 12:0 a.m.•97 views

📄 Langflow Remote Code Execution

The CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes the LangChains Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full remote code execution. This module...

9.8CVSS8.2AI score0.33694EPSS

Exploits3

OSV•added 2026/02/27 3:47 p.m.•4 views

GHSA-3645-FXCV-HQR4 Langflow has Remote Code Execution in CSV Agent

Summary The CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution RCE...

9.8CVSS6.4AI score0.33694EPSS

Exploits3References4

Snyk•added 2026/02/26 6:18 a.m.•6 views

Arbitrary Code Injection

Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the allowdangerouscode=True which automatically exposes LangChain’s Python REPL tool...

9.8CVSS6AI score0.33694EPSS

Exploits3References2

ATTACKERKB•added 2026/02/26 1:55 a.m.•9 views

CVE-2026-27966

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python an...

9.8CVSS6.1AI score0.33694EPSS

Exploits3References4Affected Software1

RedhatCVE•added 2025/05/23 9:21 a.m.•2 views

CVE-2024-38459

langchainexperimental aka LangChain Experimental before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444...

9.8CVSS7.2AI score0.00766EPSS

Exploits0References1

OSV•added 2024/06/16 3:30 p.m.•1 views

GHSA-WMVM-9VQV-5QPP langchain_experimental Code Execution via Python REPL access

7.8CVSS5.8AI score0.00225EPSS

Exploits0References6

NVD•added 2024/06/16 3:15 p.m.•26 views

CVE-2024-38459

7.8CVSS0.00225EPSS

Exploits0References3

OSV•added 2024/06/16 3:15 p.m.•14 views

CVE-2024-38459

7.8CVSS7.3AI score

Exploits0References3

PyPA•added 2024/06/16 3:15 p.m.•6 views

PYSEC-2024-53

9.8CVSS7AI score0.00766EPSS

Exploits0References4Affected Software1

OSV•added 2024/06/16 3:15 p.m.•10 views

PYSEC-2024-53

7.8CVSS5.8AI score0.00225EPSS

Exploits0References4

Vulnrichment•added 2024/06/16 12:0 a.m.•22 views

CVE-2024-38459

7AI score0.00225EPSS

Exploits0References3

PyPA•added 2023/08/15 5:15 p.m.•6 views

PYSEC-2023-147

An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool.run component...

9.8CVSS8AI score0.01267EPSS

Exploits1References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by