Lucene search
K

11 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/06/24 12:0 a.m.7 views

VulnCheck KEV: CVE-2026-0769

Langflow evalcustomcomponentcode Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS7.8AI score0.33827EPSS
In wildExploits1References10
OSV
OSV
added 2026/06/05 3:54 a.m.4 views

MINI-Q3HH-WWJ8-84XC

Bulletin has no description...

6.1CVSS5.7AI score0.00178EPSS
Exploits0
OSV
OSV
added 2026/05/14 4:2 p.m.6 views

MINI-CMQ8-6V6W-H58P

Bulletin has no description...

6.5CVSS5.7AI score0.00295EPSS
Exploits0
OSV
OSV
added 2026/03/10 7:30 p.m.4 views

CGA-676W-93CV-MF32

Bulletin has no description...

7.5CVSS5.7AI score0.00327EPSS
Exploits0
Snyk
Snyk
added 2026/01/23 5:8 a.m.5 views

Eval Injection

Overview langflow is an A Python package with a built-in web application Affected versions of this package are vulnerable to Eval Injection via the evalcustomcomponentcode function. An attacker can execute arbitrary code by supplying a crafted string that is evaluated without proper validation...

9.8CVSS7.6AI score0.33827EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.9 views

Langflow security vulnerabilities

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a security vulnerability, which stems from the lack of validation for strings provided by users in the implementation of the evalcustomcomponentcode function. This...

9.8CVSS7.6AI score0.33827EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2026/01/09 12:0 a.m.7 views

(0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of evalcustomcomponentcode function. The issue results from the lack of prop...

9.8CVSS7.6AI score0.33827EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.5 views

PT-2026-1999

Name of the Vulnerable Software and Affected Versions Langflow affected versions not specified Description A flaw exists in Langflow that allows remote attackers to execute arbitrary code. This does not require authentication. The issue is due to insufficient validation of user-supplied input...

9.8CVSS9AI score0.33827EPSS
Exploits1References2
NVD
NVD
added 2023/07/28 3:15 p.m.18 views

CVE-2023-39017

quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that...

9.8CVSS9.6AI score0.01017EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.16 views

SUSE: Security Advisory (SUSE-SU-2018:3018-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS7.4AI score0.04103EPSS
Exploits1References4
CNVD
CNVD
added 2021/05/12 12:0 a.m.8 views

Google Chromium Code Execution Vulnerability (CNVD-2021-34704)

Google Chromium is an open source web browser from Google USA. A security vulnerability previously existed in Google Chromium version 90.0.4430.212. The vulnerability stems from a type obfuscation security issue found in the V8 component of the program. No details of the vulnerability are provide...

8.8CVSS6.5AI score0.02517EPSS
Exploits1References1
Rows per page
Query Builder