9 matches found
Exploit for Cross-site Scripting in B3Log Siyuan
CVE-2026-33017 — Langflow Unauthenticated RCE Nuclei Template...
📄 Langflow 1.8.1 Remote Code Execution
This Python script is a multi-threaded tool targeting a suspected vulnerability in Langflow versions 1.8.1 and below that allows unauthenticated remote code execution through unsafe execution of CustomComponent code during flow compilation...
Langflow < 1.9.0 RCE (GHSA-vwmf-pq79-vjvx)
The version of Langflow installed on the remote host is prior to 1.9.0. It is, therefore, affected by a remote code execution vulnerability: - The POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is...
Unauthenticated Remote Code Execution In Langflow Via Public Flow Build Endpoint
Summary: The "POST /api/v1/build_public_tmp/{flow_id}/flow" endpoint allows building public flows without requiring authentication. When the optional "data" parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored...
CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...
CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...
Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint
Summary: The POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored flow...
com.github.mcollovati:quarkus-hilla-commons-deployment (=25.0.0-beta1), com.github.mcollovati:quarkus-hilla-deployment (=25.0.0-beta1) +22 more potentially affected by CVE-2026-2741 via com.vaadin:flow-build-tools (>=25.0.0-rc1 <=25.0.2)
com.vaadin:flow-build-tools MAVEN version =25.0.0-rc1, =25.0.0, =25.0.0, =4.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.9, =25.0.12 and more Source cves: CVE-2026-2741 Source advisory: SNYK:JAVA-COMVAADIN-15518324...
PT-2026-25992
Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.9.0. Description: Langflow is a visual framework used to build and deploy AI-powered agents and workflows. A critical issue exists in the "POST /api/v1/build_public_tmp/{flow_id}/flow" endpoint, which allows the...