CVE-2026-0768
Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...
CVE-2026-0768 Langflow code Code Injection Remote Code Execution Vulnerability
Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...
CVE-2026-0768
CVE-2026-0768 affects Langflow. The vulnerability is in the validate endpoint’s handling of the code parameter, where unvalidated user-supplied Python code is executed via exec(), enabling remote code execution with root privileges. Concrete details in connected docs show the issue resides in val...
CVE-2026-0761 Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability
Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The...
CVE-2026-0761
The CVE-2026-0761 issue affects Foundation Agents MetaGPT, where the function actionoutput_str_to_mapping accepts user-supplied strings without proper validation, allowing remote code execution in the service account context. Reports from Red Hat and NVD summarize the flaw as a Python code execut...
CVE-2026-24132
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...
MetaGPT code injection vulnerability
MetaGPT is a multi-agent framework developed by MetaGPT Inc. MetaGPT has a code injection vulnerability, which stems from the actionoutput_str_to_mapping function’s lack of validation for strings provided by users. This vulnerability may lead to code injection and remote code execution...
Open WebUI Code Injection Vulnerability
Open WebUI is an open-source, scalable, feature-rich, and user-friendly self-hosted WebUI. Open WebUI has a code injection vulnerability, which stems from the lack of validation for the string provided by users in the loadtoolmodulebyid function. This vulnerability may lead to code injection and...
Langflow code injection vulnerability
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a code injection vulnerability, which arises from the possibility of introducing custom code when handling Python function components. This vulnerability may lead t...
WordPress plugin Textmetrics has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Langflow code injection vulnerability
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a code injection vulnerability, which stems from a lack of validation for the strings provided by users when processing code parameters. This vulnerability may lead...
WordPress Plugin BuddyPress Code Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Langflow security vulnerabilities
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a security vulnerability, which stems from the lack of validation for strings provided by users in the implementation of the evalcustomcomponentcode function. This...
PT-2026-4406
Name of the Vulnerable Software and Affected Versions Israpil Textmetrics webtexttool versions through 3.6.3 Description A flaw exists in Israpil Textmetrics webtexttool that allows for code injection due to improper neutralization of script-related HTML tags on a web page. This is a Basic...
CVE-2026-24132 Orval Mock Generation Code Injection via const
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...
CVE-2026-24132
CVE-2026-24132 affects Orval’s mock generation path in @orval/mock. Untrusted OpenAPI specs can inject arbitrary TypeScript/JavaScript into generated mock files through the const values on schema properties, which are interpolated into the mock scalar generator without proper escaping. This can l...