Lucene search
+L

57 matches found

osv
osv
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-378 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Summary All components based on BaseFileComponent are vulnerable to the following vulnerability: 1. Docling DoclingInlineComponent 2. Docling Serve DoclingRemoteComponent 3. Read File FileComponent 4. NVIDIA Retriever Extraction NvidiaIngestComponent 5. Video File VideoFileComponent 6. Unstructur...

9.6CVSS6.3AI score0.00411EPSS
Exploits1References6
nvd
nvd
added 2026/06/23 5:17 p.m.9 views

CVE-2026-55447

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...

9.6CVSS0.00411EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/06/23 4:21 p.m.3 views

CVE-2026-55447

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...

9.6CVSS5.9AI score0.00411EPSS
Exploits1References3Affected Software1
cve
cve
added 2026/06/23 4:21 p.m.23 views

CVE-2026-55447

Langflow’s BaseFileComponent family (including Read File, DoclingInlineComponent, DoclingServe, DoclingRemoteComponent, NvidiaIngestComponent, VideoFileComponent, UnstructuredComponent) is affected by CVE-2026-55447. The underlying issue is in base_file.py: _unpack_bundle TAR extraction does not ...

9.6CVSS5.9AI score0.00411EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2026/06/23 4:21 p.m.52 views

CVE-2026-55447 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...

9.6CVSS0.00411EPSS
Exploits1References2
osv
osv
added 2026/06/19 9:18 p.m.12 views

GHSA-CCV6-R384-XP75 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Summary All components based on BaseFileComponent are vulnerable to the following vulnerability: 1. Docling DoclingInlineComponent 2. Docling Serve DoclingRemoteComponent 3. Read File FileComponent 4. NVIDIA Retriever Extraction NvidiaIngestComponent 5. Video File VideoFileComponent 6. Unstructur...

9.6CVSS6.3AI score0.00411EPSS
Exploits1References3
github
github
added 2026/06/19 9:18 p.m.13 views

Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Summary All components based on BaseFileComponent are vulnerable to the following vulnerability: 1. Docling DoclingInlineComponent 2. Docling Serve DoclingRemoteComponent 3. Read File FileComponent 4. NVIDIA Retriever Extraction NvidiaIngestComponent 5. Video File VideoFileComponent 6. Unstructur...

9.6CVSS6.3AI score0.00411EPSS
Exploits1References3Affected Software1
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.12 views

goclaw 操作系统命令注入漏洞

Goclaw is an open-source multi-tenant AI agent platform developed by Next Level Builder. Goclaw versions 3.11.3 and earlier contained a vulnerability related to operating system command injection. This vulnerability originated from the FsBridge.WriteFile function in the internal/sandbox/fsbridge....

7.5CVSS7.7AI score0.01336EPSS
Exploits0References7
cvelist
cvelist
added 2026/01/13 12:0 a.m.26 views

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

0.0071EPSS
Exploits2References2
nvd
nvd
added 2025/11/24 4:15 a.m.6 views

CVE-2025-13582

A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the component GET Parameter Handler. Performing manipulation of the argument Product results in sql injection. Remote exploitation of the attack ...

9.8CVSS0.00346EPSS
Exploits1References5
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25713

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00723EPSS
Exploits1References1
nvd
nvd
added 2025/08/25 5:15 p.m.5 views

CVE-2025-50722

Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...

9.8CVSS0.00723EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/08/25 12:0 a.m.2 views

CVE-2025-50722

Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...

8.1AI score0.00723EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/08/25 12:0 a.m.4 views

Samarium 安全漏洞

Samarium is an open source business management system by oitcode individual developers. A security vulnerability exists in Samarium 0.9.6 and earlier versions, which stems from the vulnerability of file/dashboard/team to cross-site scripting attacks...

5.4CVSS3.8AI score0.00319EPSS
Exploits1References5
osv
osv
added 2025/08/05 12:0 a.m.6 views

CVE-2025-50707

An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component...

9.8CVSS8.1AI score0.01029EPSS
Exploits1References4
redhatcve
redhatcve
added 2025/05/23 4:5 a.m.4 views

CVE-2023-3789

A vulnerability, which was classified as problematic, was found in PaulPrinting CMS 2018. Affected is an unknown function of the file /account/delivery of the component Search. The manipulation of the argument s leads to cross site scripting. It is possible to launch the attack remotely. The...

6.1CVSS6.3AI score0.00522EPSS
Exploits1
cve
cve
added 2024/11/06 7:11 p.m.89 views

CVE-2024-51751

Gradio Arbitrary File Read (CVE-2024-51751): Affects Gradio

6.5CVSS6.5AI score0.00672EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2024/11/06 7:11 p.m.21 views

CVE-2024-51751 Arbitrary file read with File and UploadButton components in Gradio

Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary file...

6.5CVSS6.9AI score0.00672EPSS
Exploits1References1
cvelist
cvelist
added 2024/11/06 7:11 p.m.27 views

CVE-2024-51751 Arbitrary file read with File and UploadButton components in Gradio

Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary file...

6.5CVSS0.00672EPSS
Exploits1References1
osv
osv
added 2024/05/03 12:0 a.m.21 views

CVE-2024-30851

Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the downloadfile.php component...

6.5CVSS7AI score0.04611EPSS
Exploits7References4
Rows per page
Query Builder