CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

99 matches found

Github Security Blog•added 2026/06/16 5:35 p.m.•19 views

Langflow: Unauthenticated RCE in Shareable Playgrounds

Summary The "Shareable Playground" or "Public Flows" in code contains a critical RCE vulnerability. Simply sharing a flow exposes the deployment to RCE risk by authenticated users. Tested on commit 2d67402b1dbaefcbce85a244d4a6cd5e4bda1cfe Details Shareable Playground feature works by enabling the...

9.6CVSS6AI score0.00577EPSS

Exploits1References2Affected Software1

RedhatCVE•added 2026/06/05 7:13 p.m.•9 views

CVE-2026-40288

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...

9.8CVSS6.2AI score0.00609EPSS

Exploits1References1

RedhatCVE•added 2026/05/19 1:58 a.m.•12 views

CVE-2026-45672

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLECODEEXECUTION=false. The feature gate is...

8.8CVSS6AI score0.00406EPSS

Exploits2References1

CNNVD•added 2026/04/22 12:0 a.m.•6 views

Red Hat Enterprise Linux AI 安全漏洞

Red Hat Enterprise Linux AI is a Linux distribution created by the American company Red Hat for generative AI. Red Hat Enterprise Linux AI RHEL AI 3 has a security vulnerability. This vulnerability stems from the linuxtrain.py script, which loads models from HuggingFace by hardcoding...

8.8CVSS6.2AI score0.00353EPSS

Exploits0References1

NVD•added 2026/04/08 4:16 p.m.•12 views

CVE-2026-33229

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

9.8CVSS0.0054EPSS

Exploits1References4

Snyk•added 2026/03/05 12:12 a.m.•4 views

Permissive List of Allowed Inputs

Overview @backstage/plugin-techdocs-node is a Common node.js functionalities for TechDocs, to be shared between techdocs-backend plugin and techdocs-cli Affected versions of this package are vulnerable to Permissive List of Allowed Inputs via the processing of the mkdocs.yml configuration file...

9.8CVSS6AI score0.00476EPSS

Exploits0References2

ATTACKERKB•added 2026/02/12 8:52 p.m.•6 views

CVE-2026-26020

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Remote Code Execution RCE on the backend server by embedding a disabled block inside a graph. The...

9.4CVSS6.3AI score0.0048EPSS

Exploits0References4Affected Software1

RedhatCVE•added 2026/02/03 3:18 p.m.•20 views

CVE-2024-2356

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

9.6CVSS5.9AI score0.00769EPSS

Exploits0References1

EUVD•added 2026/02/02 10:36 a.m.•3 views

EUVD-2024-27309

9.6CVSS5.9AI score0.00769EPSS

Exploits0References3

ATTACKERKB•added 2026/02/02 10:36 a.m.•4 views

CVE-2024-2356

9.6CVSS5.9AI score0.00769EPSS

Exploits0References3

Positive Technologies•added 2026/02/02 12:0 a.m.•7 views

PT-2026-5649

A Local File Inclusion LFI vulnerability exists in the '/reinstall extension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstall extension" route. This vulnerability allows attackers to inject a malicious name parameter, leadin...

9.6CVSS5.9AI score0.00769EPSS

Exploits0References3

CNNVD•added 2026/01/30 12:0 a.m.•5 views

Backstage Code Injection Vulnerability

Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 1.13.11 and 1.14.1 contained a code injection vulnerability. This vulnerability stemmed from the ability to configure malicious hooks in the...

8.8CVSS6AI score0.00357EPSS

Exploits0References2

Vulnrichment•added 2026/01/29 5:39 p.m.•4 views

CVE-2026-24780 AutoGPT is Vulnerable to RCE via Disabled Block Execution

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints both main web API and external API allow executing blocks by UUID...

9.4CVSS6.2AI score0.01147EPSS

Exploits1References6

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-13350

Malware in sbrugna...

8.8CVSS8.7AI score0.02609EPSS

Exploits3References5

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2008-6506

Malware in sbrugna...

6.5CVSS6.4AI score0.0224EPSS

Exploits0References2