Lucene search
K

7 matches found

GithubExploit
GithubExploit
added 2026/05/12 7:20 p.m.98 views

Exploit for Cross-site Scripting in B3Log Siyuan

CVE-2026-33017 — Langflow Unauthenticated RCE Nuclei Template...

9.8CVSS7AI score0.98191EPSS
Exploits21
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.8 views

Langflow < 1.9.0 RCE (GHSA-vwmf-pq79-vjvx)

The version of Langflow installed on the remote host is prior to 1.9.0. It is, therefore, affected by a remote code execution vulnerability: - The POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is...

9.8CVSS6.8AI score0.98191EPSS
Exploits20References2
Veracode
Veracode
added 2026/03/21 5:26 a.m.6 views

Unauthenticated Remote Code Execution In Langflow Via Public Flow Build Endpoint

Summary The "POST /api/v1/buildpublictmp/flowid/flow" endpoint allows building public flows without requiring authentication. When the optional "data" parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored...

9.8CVSS8AI score0.9999EPSS
Exploits52Affected Software1
OSV
OSV
added 2026/03/20 4:52 a.m.5 views

CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...

9.3CVSS6.3AI score0.98191EPSS
Exploits20References9
Cvelist
Cvelist
added 2026/03/20 4:52 a.m.54 views

CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...

9.3CVSS0.98191EPSS
Exploits20References3
Github Security Blog
Github Security Blog
added 2026/03/17 8:5 p.m.12 views

Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

Summary The POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored flow...

9.8CVSS6.5AI score0.98191EPSS
Exploits20References12Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.13 views

PT-2026-25992

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow contains a flaw in the 'POST /api/v1/build public tmp/flow id/flow' endpoint that allows unauthenticated remote code execution. The endpoint is designed to build public flows without...

10CVSS7.4AI score0.98191EPSS
Exploits20References289
Rows per page
Query Builder