Lucene search
K

24 matches found

PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

SummaryThe POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored flow...

9.8CVSS8.1AI score0.98191EPSS
Exploits20References14Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-379 Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

Summary The POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored flow...

9.8CVSS6.8AI score0.98191EPSS
Exploits20References14
NVD
NVD
added 2026/06/25 9:16 p.m.9 views

CVE-2026-56445

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS0.00434EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:46 p.m.6 views

CVE-2026-56445

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS6AI score0.00434EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:35 p.m.30 views

CVE-2026-6094 Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

6.3CVSS0.00294EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/25 4:35 p.m.7 views

CVE-2026-6094

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

9.1CVSS5.9AI score0.00294EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.13 views

SUSE CVE-2026-44637

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS6AI score0.0016EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/14 8:2 p.m.12 views

EUVD-2026-30412

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS6AI score0.0016EPSS
Exploits1References1
OSV
OSV
added 2026/05/12 3:7 p.m.7 views

GHSA-V25V-M36W-JP4H Dalfox Server Mode Vulnerable to Unauthenticated Remote Code Execution via `found-action`

GHSA: Unauthenticated Remote Code Execution via found-action in Dalfox Server Mode Summary When dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options —...

10CVSS6.4AI score0.01051EPSS
Exploits2References4
Veracode
Veracode
added 2026/03/21 5:26 a.m.8 views

Unauthenticated Remote Code Execution In Langflow Via Public Flow Build Endpoint

Summary The "POST /api/v1/buildpublictmp/flowid/flow" endpoint allows building public flows without requiring authentication. When the optional "data" parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored...

9.8CVSS8AI score0.9999EPSS
Exploits52Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 4:52 a.m.6 views

CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...

9.3CVSS7.9AI score0.98191EPSS
Exploits20References3
VulnCheck KEV
VulnCheck KEV
added 2026/03/19 12:0 a.m.44 views

VulnCheck KEV: CVE-2026-33017

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...

9.8CVSS6.2AI score0.9999EPSS
In wildExploits52References8
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2019-16228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdbenvopen2 if mdbenvreadheader obtains a zero value for a certain size...

7.5CVSS7.1AI score0.01786EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.13 views

PT-2026-25992

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow contains a flaw in the 'POST /api/v1/build public tmp/flow id/flow' endpoint that allows unauthenticated remote code execution. The endpoint is designed to build public flows without...

10CVSS7.4AI score0.98191EPSS
Exploits20References289
SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.5 views

SUSE CVE-2019-16224

An issue was discovered in py-lmdb 0.97. For certain values of mdflags, mdbnodeadd does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

9.8CVSS9.3AI score0.01765EPSS
Exploits1References3
OSV
OSV
added 2019/09/11 3:15 p.m.2 views

DEBIAN-CVE-2019-16227

An issue was discovered in py-lmdb 0.97. For certain values of mnflags, mdbcursorset triggers a memcpy with an invalid write operation within mdbxcursorinit1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

9.8CVSS8.4AI score0.01963EPSS
Exploits1References1
Prion
Prion
added 2019/09/11 3:15 p.m.15 views

Design/Logic Flaw

An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdbenvopen2 if mdbenvreadheader obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

5CVSS7.6AI score0.01786EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2019/09/11 3:15 p.m.7 views

PYSEC-2019-239

An issue was discovered in py-lmdb 0.97. For certain values of mnflags, mdbcursorset triggers a memcpy with an invalid write operation within mdbxcursorinit1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

9.8CVSS7AI score0.01963EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2019/09/11 3:15 p.m.16 views

Design/Logic Flaw

An issue was discovered in py-lmdb 0.97. For certain values of mpflags, mdbpagetouch does not properly set up mc-mcpgmc-top, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

7.5CVSS9.4AI score0.01765EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/09/11 3:15 p.m.4 views

UBUNTU-CVE-2019-16228

An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdbenvopen2 if mdbenvreadheader obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

7.5CVSS5.8AI score0.01786EPSS
Exploits1References3
Rows per page
Query Builder