978 matches found
CVE-2026-35002
The vulnerability CVE-2026-35002 affects Agno versions prior to 2.3.24 in the model execution component. An attacker can trigger remote code execution by manipulating the field_type parameter passed to eval() within a FunctionCall, allowing arbitrary Python code execution. This results in high im...
PT-2026-29825
Name of the Vulnerable Software and Affected Versions PraisonAI affected versions not specified Description PraisonAI is susceptible to a critical Python sandbox escape issue that permits code execution outside of the intended sandbox environment. The flaw resides within the execute code function...
Exploit for Code Injection in Openwebui Open_Webui
CVE-2026-0766: OpenWebUI Remote Code Execution Educational...
Arbitrary Code Injection
Langflow is vulnerable to Arbitrary Code Injection. The vulnerability is due to the validation process dynamically executing LLM‑generated Python code via exec, where the validation routine runs the generated code and an attacker who can influence the model output can achieve arbitrary server‑sid...
Arbitrary Code Injection
Overview smolagents is a 🤗 smolagents: a barebones library for agents. Agents write python code to call tools or orchestrate other agents. Affected versions of this package are vulnerable to Arbitrary Code Injection through the LocalPythonExecutor in the localpythonexecutor.py component. An...
GHSA-V8HW-MH8C-JXFC Langflow has Authenticated Code Execution in Agentic Assistant Validation
Description 1. Summary The Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementation reaches dynamic execution sinks and instantiates the generated class...
Langflow has Authenticated Code Execution in Agentic Assistant Validation
Description 1. Summary The Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementation reaches dynamic execution sinks and instantiates the generated class...
Exploit for CVE-2026-33017
CVE-2026-33017-Langflow-RCE-PoC The vulnerability in Langflow...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...
VulnCheck KEV: CVE-2026-33017
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...
CVE-2026-29186
Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the...
Backstage 代码问题漏洞
Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 1.14.3 contained code-related vulnerabilities. These vulnerabilities stemmed from defects in the configuration allowlist, which could allow...
CVE-2026-27494
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python...
EUVD-2026-8882
Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application com.unitree.doggo2, are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLi...
CVE-2026-27510
Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application com.unitree.doggo2, are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLi...
CVE-2026-27510 Unitree Go2 Mobile Program Tampering Enables Root RCE
Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application com.unitree.doggo2, are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLi...
CVE-2026-27510
CVE-2026-27510 affects Unitree Go2 firmware 1.1.7–1.1.11 with the Go2 Android app (com.unitree.doggo2). The issue is remote code execution due to missing integrity protection and validation of user-created programs. The Android app stores programs in a local SQLite database (unitree_go2.db, table...
PT-2026-22179
Name of the Vulnerable Software and Affected Versions Unitree Go2 versions 1.1.7 through 1.1.11 Description Remote code execution is possible due to a lack of integrity protection and validation of user-created programs when used with the Unitree Go2 Android application com.unitree.doggo2. The...
PT-2026-22178
Name of the Vulnerable Software and Affected Versions Unitree Go2 versions V1.1.7 through V1.1.9 Unitree Go2 version V1.1.11 EDU Description Lack of DDS authentication and authorization for the Eclipse CycloneDDS topic "rt/api/programming actuator/request" handled by actuator manager.py allows a...