240 matches found
Langflow < 1.9.2 Multiple Vulnerabilities
The version of Langflow installed on the remote host is prior to 1.9.2. It is, therefore, affected by multiple vulnerabilities: - The Shareable Playground feature enables execution of workflows by unauthenticated users. When the route /api/v1/buildpublictmp executes a flow, it allows providing...
GO-2026-5170 OpenFGA: Unauthenticated playground endpoint discloses preshared API key in HTML response in github.com/openfga/openfga
OpenFGA: Unauthenticated playground endpoint discloses preshared API key in HTML response in github.com/openfga/openfga...
CVE-2026-48519
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" or "Public Flows" in code contains a critical RCE vulnerability. Shareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessi...
CVE-2026-48520
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" or "Public Flows" in code contains a potential arbitrary file-read vulnerability, depending on the exact flow configuration used. By making a flow public, public execution of...
CVE-2026-48520 Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" or "Public Flows" in code contains a potential arbitrary file-read vulnerability, depending on the exact flow configuration used. By making a flow public, public execution of...
CVE-2026-48519
Langflow CVE-2026-48519 exposes unauthenticated RCE via the Shareable Playground. Affected: Langflow prior to 1.9.2. Vulnerable route: /api/v1/build_public_tmp permits executing any public flow; payloads can inject arbitrary Python code into data.nodes[X].data.node.template.code.value. Impact is ...
Malicious code in @mastra/playground-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f95ef610dd6911f5d9c670d625d68b49c360aa9d92d8aa2532087c32ffb88a2a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6033 Malicious code in @mastra/playground-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f95ef610dd6911f5d9c670d625d68b49c360aa9d92d8aa2532087c32ffb88a2a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
GHSA-V5FF-9Q35-Q26F Langflow: Unauthenticated RCE in Shareable Playgrounds
Summary The "Shareable Playground" or "Public Flows" in code contains a critical RCE vulnerability. Simply sharing a flow exposes the deployment to RCE risk by authenticated users. Tested on commit 2d67402b1dbaefcbce85a244d4a6cd5e4bda1cfe Details Shareable Playground feature works by enabling the...
Langflow: Unauthenticated RCE in Shareable Playgrounds
Summary The "Shareable Playground" or "Public Flows" in code contains a critical RCE vulnerability. Simply sharing a flow exposes the deployment to RCE risk by authenticated users. Tested on commit 2d67402b1dbaefcbce85a244d4a6cd5e4bda1cfe Details Shareable Playground feature works by enabling the...
VulnBoard
VulnBoard “If you don’t know about attacks, you can’t defend...
📄 Quick Playground for WordPress 1.3.1 Shell Upload
Proof of concept remote shell upload exploit for Quick Playground for WordPress plugin versions 1.3.1 and below. ================================================================================================================================== | Title : Quick Playground for WordPress 1.3.1 —...
CVE-2026-2500
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...
CVE-2026-2500
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...
CVE-2026-2500 Quick Playground <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read via 'filename' Parameter
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...
CVE-2026-2500
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...
CVE-2026-2500 Quick Playground <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read via 'filename' Parameter
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...
CVE-2026-2500
The Quick Playground WordPress plugin vulnerability (
EUVD-2026-34953
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...
PT-2026-47126
Name of the Vulnerable Software and Affected Versions Quick Playground versions prior to 1.3.5 Description The Quick Playground plugin for WordPress contains a path traversal flaw. The qckply data function processes the filename POST parameter and passes it to file get contents without proper...