CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

43 matches found

CVE-2026-48520

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" or "Public Flows" in code contains a potential arbitrary file-read vulnerability, depending on the exact flow configuration used. By making a flow public, public execution of...

6.1CVSS0.00218EPSS

Exploits0References1

NVD•added 2 days ago•3 views

CVE-2026-48519

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" or "Public Flows" in code contains a critical RCE vulnerability. Shareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessi...

9.6CVSS0.00546EPSS

Exploits0References1

Cvelist•added 2 days ago•34 views

CVE-2026-48520 Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read

6.1CVSS0.00218EPSS

Exploits0References1

Cvelist•added 2 days ago•33 views

CVE-2026-48519 Langflow: Unauthenticated RCE in Shareable Playgrounds

9.6CVSS0.00546EPSS

Exploits0References1

CVE•added 2 days ago•29 views

CVE-2026-48519

Langflow CVE-2026-48519 exposes unauthenticated RCE via the Shareable Playground. Affected: Langflow prior to 1.9.2. Vulnerable route: /api/v1/build_public_tmp permits executing any public flow; payloads can inject arbitrary Python code into data.nodes[X].data.node.template.code.value. Impact is ...

9.6CVSS6.3AI score0.00546EPSS

Exploits0References1

Github Security Blog•added 2026/06/16 5:35 p.m.•17 views

Langflow: Unauthenticated RCE in Shareable Playgrounds

Summary The "Shareable Playground" or "Public Flows" in code contains a critical RCE vulnerability. Simply sharing a flow exposes the deployment to RCE risk by authenticated users. Tested on commit 2d67402b1dbaefcbce85a244d4a6cd5e4bda1cfe Details Shareable Playground feature works by enabling the...

9.6CVSS6AI score0.00546EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/06/04 12:0 a.m.•12 views

PT-2026-46232

Name of the Vulnerable Software and Affected Versions LangFlow affected versions not specified Description The Shareable Playground feature allows unauthenticated users to execute workflows via a public link. A flaw in the /api/v1/build public tmp endpoint enables remote code execution by allowin...

9.6CVSS6.4AI score0.00546EPSS

Exploits0References8

Positive Technologies•added 2026/05/28 12:0 a.m.•11 views

PT-2026-44497

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspf char data function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

6.9CVSS5.8AI score0.0026EPSS

Exploits0References7

CVE•added 2026/02/19 7:15 p.m.•14 views

CVE-2026-26193

Open WebUI (self-hosted, offline) is affected prior to v0.6.44. The vulnerability arises from allowing manual modification of chat history to set the embeds property on a response message, which is loaded into an iframe with an aggressive sandbox (allow-scripts and allow-same-origin) that bypasse...

7.3CVSS5.5AI score0.00198EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2026/02/19 12:0 a.m.•8 views

PT-2026-20918

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.44 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Manually modifying chat history allows setting the embeds property on a response message. The...

7.3CVSS4.8AI score0.00198EPSS

Exploits1References11

RedhatCVE•added 2026/01/01 11:10 a.m.•2 views

CVE-2025-68131

A flaw was found in cbor2. When a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory. This allows an attacker-controlled message to read sensitive data from previously decoded messages if the decoder is reused across trust...

7.5CVSS6.1AI score0.00423EPSS

Exploits1References5

EUVD•added 2025/12/31 10:1 p.m.•7 views

EUVD-2025-205866

CBORDecoder reuse can leak shareable values across decode calls...

6.9CVSS6.3AI score0.00423EPSS

Exploits1References3

Github Security Blog•added 2025/12/31 10:1 p.m.•16 views

CBORDecoder reuse can leak shareable values across decode calls

Summary When a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory and can be accessed by subsequent CBOR messages using the sharedref tag 29. This allows an attacker-controlled message to read data from previously decoded...

7.5CVSS6.8AI score0.00423EPSS

Exploits1References6Affected Software1

OSV•added 2025/12/31 10:1 p.m.•2 views

GHSA-WCJ4-JW5J-44WH CBORDecoder reuse can leak shareable values across decode calls

6.9CVSS6.7AI score0.00423EPSS

Exploits1References6

NVD•added 2025/12/31 2:15 a.m.•6 views

CVE-2025-68131

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...

7.5CVSS0.00423EPSS

Exploits1References2

OSV•added 2025/12/31 2:15 a.m.•3 views

DEBIAN-CVE-2025-68131

7.5CVSS7.6AI score0.00423EPSS

Exploits1References1

OSV•added 2025/12/31 2:15 a.m.•3 views

AZL-73325 CVE-2025-68131 affecting package python-cbor2 5.6.5-2

7.5CVSS5.7AI score0.00423EPSS

Exploits1References1