Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

36392 matches found

RedhatCVE
RedhatCVEadded 2026/01/23 9:15 p.m.2 views

CVE-2026-22469

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through = 1.0.2...

5.3CVSS5.4AI score0.00021EPSS
Exploits0References1
NVD
NVDadded 2026/01/23 3:16 p.m.1 views

CVE-2026-24564

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.5...

4.3CVSS0.00052EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/01/23 2:28 p.m.31 views

CVE-2026-24564 WordPress Textmetrics plugin <= 3.6.5 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.5...

4.3CVSS0.00052EPSS
Exploits0References1
CVE
CVEadded 2026/01/23 2:28 p.m.6 views

CVE-2026-24564

CVE-2026-24564 is a WordPress Textmetrics plugin vulnerability (Textmetrics webtexttool) that allows authenticated shortcode execution / code injection through improper neutralization of script-related HTML tags. Affected versions are Textmetrics up to 3.6.3 (Wordfence notes Subscriber+ context f...

4.3CVSS5.9AI score0.00052EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/01/23 2:28 p.m.2 views

CVE-2026-24564 WordPress Textmetrics plugin <= 3.6.5 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.5...

4.3CVSS5.9AI score0.00052EPSS
Exploits0References1
OSV
OSVadded 2026/01/23 6:31 a.m.8 views

GHSA-XVMH-25JW-GMMM Moodle affected by a code injection vulnerability

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8CVSS5.9AI score0.0003EPSS
Exploits0References4
Snyk
Snykadded 2026/01/23 5:49 a.m.2 views

Arbitrary Code Injection

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Arbitrary Code Injection due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. An attacker can execute arbitrary code on the server by...

8.8CVSS6.1AI score0.0003EPSS
Exploits0References2
Snyk
Snykadded 2026/01/23 5:8 a.m.2 views

Arbitrary Code Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Code Injection via the actionoutputstrtomapping function. An attacker can execute arbitrary code as the service account. Remediation There is no fixed version for metagpt. References -...

9.8CVSS6.2AI score0.01515EPSS
Exploits0References2
Snyk
Snykadded 2026/01/23 5:8 a.m.3 views

Arbitrary Code Injection

Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the code parameter in the validate endpoint. An attacker can execute arbitrary code with root...

9.8CVSS7.6AI score0.04285EPSS
Exploits1References2
Snyk
Snykadded 2026/01/23 5:8 a.m.4 views

Arbitrary Code Injection

Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Arbitrary Code Injection via the code parameter in the validate endpoint. An attacker can execute arbitrary code with root privileges by sending a specially crafted request...

9.8CVSS7.7AI score0.04285EPSS
Exploits1References2
Snyk
Snykadded 2026/01/23 5:8 a.m.6 views

Arbitrary Code Injection

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Arbitrary Code Injection via the loadtoolmodulebyid function in the utils/plugin.py file. An attacker can execute arbitrary code in the context of the service account by supplying a crafted string that is not...

8.8CVSS8.6AI score0.00225EPSS
Exploits1References2
Snyk
Snykadded 2026/01/23 5:8 a.m.3 views

Arbitrary Code Injection

Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of Python function components. An attacker can execute arbitrary code by introducing custom Python code into a workflow. Remediati...

7.5CVSS7.4AI score0.00099EPSS
Exploits1References2
Snyk
Snykadded 2026/01/23 5:8 a.m.1 views

Arbitrary Code Injection

Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of Python function components. An attacker can execute arbitrary code by...

7.5CVSS7.4AI score0.00099EPSS
Exploits1References2
EUVD
EUVDadded 2026/01/23 4:35 a.m.1 views

EUVD-2026-4324

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a...

8.8CVSS5.8AI score0.0003EPSS
Exploits0References3
OSV
OSVadded 2026/01/23 4:16 a.m.3 views

CVE-2026-0768

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...

9.8CVSS6.6AI score
Exploits0References1
NVD
NVDadded 2026/01/23 4:16 a.m.3 views

CVE-2026-0761

Foundation Agents MetaGPT actionoutputstrtomapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The...

9.8CVSS0.01515EPSS
Exploits0References1
OSV
OSVadded 2026/01/23 4:16 a.m.1 views

CVE-2026-0761

Foundation Agents MetaGPT actionoutputstrtomapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The...

9.8CVSS6.6AI score
Exploits0References1
CVE
CVEadded 2026/01/23 3:28 a.m.9 views

CVE-2026-0771

CVE-2026-0771 affects Langflow where the vulnerability stems from the handling of Python function components. The flaw may allow an attacker to introduce custom Python code into a workflow, leading to remote code execution with the application’s context. The root cause involves unsafe handling of...

7.1CVSS6.5AI score0.00099EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2026/01/23 3:28 a.m.26 views

CVE-2026-0771 Langflow PythonFunction Code Injection Remote Code Execution Vulnerability

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...

7.1CVSS0.00099EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/01/23 3:28 a.m.3 views

CVE-2026-0771 Langflow PythonFunction Code Injection Remote Code Execution Vulnerability

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...

7.1CVSS6.5AI score0.00099EPSS
Exploits1References1
Rows per page
Query Builder