CVE-2026-7700 langflow-ai langflow LambdaFilterComponent lambda_filter.p eval code injection

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...

Budibase 安全漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.30.4 contained security vulnerabilities. These vulnerabilities stemmed from an insecure eval...

Arbitrary Code Execution (ACE)

lilconfig is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to the insecure usage of eval in the dynamicImport function, which allows an attacker to inject malicious input through the defaultLoaders function and execute arbitrary code...

GHSA-FQ9M-V26V-2M4F lilconfig Code Injection vulnerability

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function...

CVE-2024-21537

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function...

Arbitrary Code Execution

Overview lilconfig is an A zero-dependency alternative to cosmiconfig Affected versions of this package are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the...

Remote Code Execution (RCE)

Overview git is a Ruby library that can be used to create, read and manipulate Git repositories by wrapping system calls to the git binary. Affected versions of this package are vulnerable to Remote Code Execution RCE due to the usage of the insecure eval function in the lsfiles method, which...