11 matches found
VulnCheck KEV: CVE-2026-0769
Langflow evalcustomcomponentcode Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
MINI-Q3HH-WWJ8-84XC
Bulletin has no description...
MINI-CMQ8-6V6W-H58P
Bulletin has no description...
CGA-676W-93CV-MF32
Bulletin has no description...
Eval Injection
Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Eval Injection via the evalcustomcomponentcode function. An attacker can execute arbitrary code by supplying a crafted string that is evaluated without proper validation...
Langflow security vulnerabilities
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a security vulnerability, which stems from the lack of validation for strings provided by users in the implementation of the evalcustomcomponentcode function. This...
(0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of evalcustomcomponentcode function. The issue results from the lack of prop...
PT-2026-1999
Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow that allows remote attackers to execute arbitrary code. This does not require authentication. The issue is due to insufficient validation of user-supplied input...
CVE-2023-39017
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that...
SUSE: Security Advisory (SUSE-SU-2018:3018-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Google Chromium Code Execution Vulnerability (CNVD-2021-34704)
Google Chromium is an open source web browser from Google USA. A security vulnerability previously existed in Google Chromium version 90.0.4430.212. The vulnerability stems from a type obfuscation security issue found in the V8 component of the program. No details of the vulnerability are provide...