2970 matches found
CVE-2026-7700
Langflow-ai Langflow up to v1.8.4 is affected by a code injection in the LambdaFilterComponent’s eval function (src/lfx/src/lfx/components/llm_operations/lambda_filter.p). The underlying issue is unsafe evaluation of input, enabling remote exploitation. The CVE indicates the attack can be perform...
PT-2026-36707
Name of the Vulnerable Software and Affected Versions AV Stumpfl Pixera Two Media Server versions prior to 25.2 R3 Description A flaw in the Websocket API component allows for remote code injection. This occurs through the manipulation of an unknown function within the API. Recommendations Upgrad...
CVE-2026-7595
A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function formatplugins of the file .claude/skills/ui-styling/scripts/tailwindconfiggen.py of the component Tailwind Config Generator. This manipulation causes code injection. The attac...
CVE-2026-7595 nextlevelbuilder ui-ux-pro-max-skill Tailwind Config Generator tailwind_config_gen.py _format_plugins code injection
A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function formatplugins of the file .claude/skills/ui-styling/scripts/tailwindconfiggen.py of the component Tailwind Config Generator. This manipulation causes code injection. The attac...
EUVD-2026-26719
A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function formatplugins of the file .claude/skills/ui-styling/scripts/tailwindconfiggen.py of the component Tailwind Config Generator. This manipulation causes code injection. The attac...
CVE-2026-7595
A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function formatplugins of the file .claude/skills/ui-styling/scripts/tailwindconfiggen.py of the component Tailwind Config Generator. This manipulation causes code injection. The attac...
PT-2026-36547
Name of the Vulnerable Software and Affected Versions nextlevelbuilder ui-ux-pro-max-skill versions prior to 2.5.1 Description A flaw in the Tailwind Config Generator component allows remote code injection. The issue exists within the format plugins function located in the...
CVE-2026-7508
A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...
EUVD-2026-26456
A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...
PT-2026-36212
Name of the Vulnerable Software and Affected Versions Bootstrap CMS version 0.9.0-alpha Description An issue exists in the Page Creation Handler component within the file resources/views/pages/show.blade.php. Manipulation of the body argument allows for remote code injection, which is the executi...
CVE-2026-7388
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
PT-2026-35940
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...
AgentScope Vulnerable to Remote Code Injection
A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...
GHSA-CR24-FV3H-8CJM AgentScope Vulnerable to Remote Code Injection
A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...
CVE-2026-6603 modelscope agentscope _python.py execute_shell_command code injection
A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...
CVE-2026-6603 modelscope agentscope _python.py execute_shell_command code injection
A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...
CVE-2026-6603
CVE-2026-6603 affects modelscope agentscope up to version 1.0.18. The vulnerability targets the function execute_python_code/execute_shell_command in src/AgentScope/tool/_coding/_python.py, enabling code injection due to the underlying manipulation. The attack is described as remotely exploitable...
CVE-2026-5973
A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...
CVE-2026-6125
A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...
CVE-2026-6110
A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...