CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added yesterday•16 views

Langflow < 1.3.0 - Remote Code Execution via validate_code() exec()

Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. id: CVE-2026-0770 info: name: Langflow...

9.8CVSS8.1AI score0.14653EPSS

Exploits8References3

NVD•added 2 days ago•8 views

CVE-2022-49042

An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors...

NVD•added 2 days ago•5 views

CVE-2022-49036

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...

Cvelist•added 2 days ago•28 views

CVE-2022-49036

Cvelist•added 2 days ago•30 views

CVE-2022-49042

Vulnrichment•added 2 days ago•4 views

CVE-2022-49042

7.8CVSS6.2AI score0.00014EPSS

ATTACKERKB•added 2 days ago•6 views

CVE-2022-49042

7.8CVSS6.2AI score0.00014EPSS

CVE•added 2 days ago•9 views

CVE-2022-49042

CVE-2022-49042 affects Synology Hyper Backup Explorer (MinGW DLL component). The vulnerability arises from inclusion of functionality from an untrusted control sphere, enabling local arbitrary code execution via unspecified vectors in versions before 3.0.1-0156. The CVSSv3.1 vector is Local attac...

7.8CVSS6.2AI score0.00014EPSS

Exploit DB•added 2026/05/29 12:0 a.m.•44 views

Langflow 1.3.0 - Remote Code Execution

Exploit Title: Langflow 1.3.0 - Remote Code Execution Fofa-dork: title="Langflow" Shodan-dork: title:"Langflow" Date: 23-05-2026 Exploit Author: Diamorphine Venodor Homepage: https://www.langflow.org/ Software Link: https://github.com/langflow-ai/langflow Version: 1.2.0 Tested on: Debian CVE :...

9.8CVSS7.3AI score0.14653EPSS

Packet Storm•added 2026/05/29 12:0 a.m.•24 views

📄 Langflow 1.3.0 Remote Code Execution

9.8CVSS8.1AI score0.14653EPSS

GithubExploit•added 2026/05/23 9:26 p.m.•37 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Langflow

No d...

9.8CVSS7.3AI score0.14653EPSS

GithubExploit•added 2026/05/23 9:26 p.m.•47 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Langflow

No d...

9.8CVSS5.8AI score0.14653EPSS

EUVD•added 2026/05/21 8:21 a.m.•4 views

EUVD-2026-31249

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5...

4.3CVSS5.8AI score0.0003EPSS

ATTACKERKB•added 2026/05/21 8:21 a.m.•4 views

CVE-2026-27349

4.3CVSS5.8AI score0.0003EPSS

EUVD•added 2026/05/07 9:31 a.m.•5 views

EUVD-2026-28332

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8...

5.3CVSS5.8AI score0.00012EPSS

ATTACKERKB•added 2026/05/07 7:37 a.m.•2 views

CVE-2026-25468

5.3CVSS5.8AI score0.00012EPSS

RedhatCVE•added 2026/04/30 2:47 p.m.•2 views

CVE-2026-42644

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through = 4.3.10...

5.3CVSS5.2AI score0.00013EPSS

NVD•added 2026/04/29 12:16 p.m.•0 views

CVE-2026-42644

5.3CVSS0.00013EPSS