Lucene search
K

4 matches found

OSV
OSV
added 6 days ago5 views

PYSEC-2026-376 Langflow has Remote Code Execution in CSV Agent

Summary The CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution RCE...

9.8CVSS7.7AI score0.33694EPSS
Exploits3References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 9:50 p.m.12 views

Malicious code in silly-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a57b518b6dcdb16913e105cd371fe81d367a85f81599d4468819bbe77ccb68b8 The package's advertised logging API debug/info/warn/error/critical unconditionally POSTs every log payload — message, level, category, and source — ...

5.3AI score
Exploits0References3
OSV
OSV
added 2026/05/19 9:50 p.m.12 views

MAL-2026-4767 Malicious code in silly-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a57b518b6dcdb16913e105cd371fe81d367a85f81599d4468819bbe77ccb68b8 The package's advertised logging API debug/info/warn/error/critical unconditionally POSTs every log payload — message, level, category, and source — ...

5.3AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:58 a.m.5 views

CVE-2025-68716

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service enabled by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to...

8.4CVSS7.9AI score0.00216EPSS
Exploits0References1
Rows per page
Query Builder