CVE-2026-55447

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...

CVE-2026-55447

Langflow’s BaseFileComponent family (including Read File, DoclingInlineComponent, DoclingServe, DoclingRemoteComponent, NvidiaIngestComponent, VideoFileComponent, UnstructuredComponent) is affected by CVE-2026-55447. The underlying issue is in base_file.py: _unpack_bundle TAR extraction does not ...

CVE-2026-55447 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...

Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Summary All components based on BaseFileComponent are vulnerable to the following vulnerability: 1. Docling DoclingInlineComponent 2. Docling Serve DoclingRemoteComponent 3. Read File FileComponent 4. NVIDIA Retriever Extraction NvidiaIngestComponent 5. Video File VideoFileComponent 6. Unstructur...

goclaw 操作系统命令注入漏洞

Goclaw is an open-source multi-tenant AI agent platform developed by Next Level Builder. Goclaw versions 3.11.3 and earlier contained a vulnerability related to operating system command injection. This vulnerability originated from the FsBridge.WriteFile function in the internal/sandbox/fsbridge....

CVE-2025-25652

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal...

CVE-2025-13582

A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the component GET Parameter Handler. Performing manipulation of the argument Product results in sql injection. Remote exploitation of the attack ...

EUVD-2025-25713

Malicious code in bioql PyPI...

CVE-2025-50722

Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...

CVE-2025-50722

Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component...

Samarium 安全漏洞

Samarium is an open source business management system by oitcode individual developers. A security vulnerability exists in Samarium 0.9.6 and earlier versions, which stems from the vulnerability of file/dashboard/team to cross-site scripting attacks...

CVE-2025-50707

An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component...

CVE-2023-3789

A vulnerability, which was classified as problematic, was found in PaulPrinting CMS 2018. Affected is an unknown function of the file /account/delivery of the component Search. The manipulation of the argument s leads to cross site scripting. It is possible to launch the attack remotely. The...

CVE-2024-51751 Arbitrary file read with File and UploadButton components in Gradio

Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary file...

CVE-2024-51751 Arbitrary file read with File and UploadButton components in Gradio

Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary file...

CVE-2024-51751

Gradio Arbitrary File Read (CVE-2024-51751): Affects Gradio

CVE-2024-30851

Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the downloadfile.php component...

PT-2024-23633

Name of the Vulnerable Software and Affected Versions codesiddhant Jasmin Ransomware version 1.0.1 Description The issue allows an attacker to obtain sensitive information via the download file.php component due to a Directory Traversal vulnerability. This vulnerability can be exploited to access...

UBUNTU-CVE-2023-46426

Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code and cause a denial of service DoS via gffwrite component in at utils/osfile.c...

CVE-2024-26548

An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the uploadfile.cgi component...