Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger an...

Astra Linux – Vulnerability in Raptor2

In the Raptor RDF Syntax Library version 2.0.16, there was a heap-based buffer overflow issue during the parsing of triples using the nquads parser in the raptorntriplesparseterminternal function...

Astra Linux – Vulnerability in OpenCV

A issue was discovered in OpenCV prior to version 4.1.1. There is a NULL pointer dereferencing in the function cv::XMLParser::parse, located in modules/core/src/persistence.cpp...

Astra Linux – Vulnerability in SQLite3

SQLite 3.30.1 improperly handles certain parser-tree rewrites, related to files expr.c, vdbeaux.c, and window.c. This issue is caused by incorrect error handling in the sqlite3WindowRewrite function...

Astra Linux – Vulnerability in openimageio

There is a heap-out-of-bounds read vulnerability in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, it relates to how run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata, potentially...

Arbitrary Command Injection

Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Command Injection via the parsecallabledetails function in codeparser.py. An attacker can execute arbitrary syst...

CVE-2026-7687 langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details command injection

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

CVE-2026-7687 langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details command injection

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

EUVD-2026-26825

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

CVE-2026-7687

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

CVE-2026-7687

LangFlow (langflow) up to version 1.8.4 is affected by a command-injection vulnerability in CodeParser.parse_callable_details (file src/lfx/src/lfx/custom/code_parser/code_parser.py, component Full Builtins Module Handler). The issue can be triggered remotely and an exploit has been publicly disc...

Langflow 注入漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.4 and earlier have a injection vulnerability, which stems from a function in the component Full Builtins Module Handler: CodeParser.parsecallabledetails...

PT-2026-36690

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse callable details of the file src/lfx/src/lfx/custom/code parser/code parser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions

...

Linux Distros Unpatched Vulnerability : CVE-2026-42484

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow in hextobinary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute...

Linux Distros Unpatched Vulnerability : CVE-2026-42480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack-based out-of-bounds read vulnerability in VrmlDataScene::ReadLine in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a...

Linux Distros Unpatched Vulnerability : CVE-2026-42481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open CASCADE Technology OCCT V800rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files...

Linux Distros Unpatched Vulnerability : CVE-2026-42479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability in VrmlDataIndexedLineSet::TShape in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a...

Linux Distros Unpatched Vulnerability : CVE-2026-42478

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in VrmlDataIndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of...