
1278 matches found

Cvelist
added 2026/01/23 3:28 a.m. | 36 views

CVE-2026-0770 Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability

Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific...

9.8 CVSS | 0.10371 EPSS
Exploits: 8 | References: 1

CVE
added 2026/01/23 3:28 a.m. | 23 views

CVE-2026-0770

Langflow is affected by a Remote Code Execution vulnerability (CVE-2026-0770) due to inclusion of functionality from an untrusted control sphere in the exec_globals handling of the validate endpoint. The Nuclei and PoC material indicate the flaw exists in Langflow’s validate_code path (e.g., /api...

9.8 CVSS | 6.5 AI score | 0.10371 EPSS
In wild | Exploits: 8 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/01/23 3:28 a.m. | 10 views

CVE-2026-0770

Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific...

9.8 CVSS | 6.3 AI score | 0.10371 EPSS
Exploits: 8 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/01/23 3:28 a.m. | 6 views

CVE-2026-0768

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...

9.8 CVSS | 6.3 AI score | 0.02035 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/01/23 3:28 a.m. | 6 views

CVE-2026-0768 Langflow code Code Injection Remote Code Execution Vulnerability

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...

9.8 CVSS | 6.5 AI score | 0.02035 EPSS
Exploits: 1 | References: 1

CNNVD
added 2026/01/23 12:0 a.m. | 4 views

Linux Kernel Security Vulnerabilities

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the nft_chain_validate function potentially entering a recursive loop, which may lead to a CPU soft...

5.5 CVSS | 5.8 AI score | 0.00164 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2026/01/22 12:0 a.m. | 4 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-22001)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22001 advisory. - In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in...

5.5 CVSS | 5.4 AI score | 0.00164 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/01/21 4:39 a.m. | 5 views

EUVD-2026-3731

Malicious code in oce-validate npm...

5.5 AI score
Exploits: 0 | References: 1

Snyk
added 2026/01/21 4:39 a.m. | 3 views

Malicious Package

Overview: oce-validate is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 5.5 AI score
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2026/01/21 4:39 a.m. | 7 views

Malicious code in oce-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cc6b17601336bdff3872b33d794187edf7b7a3779e96d01d0eb1081e043ecf5 The package oce-validate was found to contain malicious code. Source: ghsa-malware 4e0413e75c3bcfe39d1a45db99c6ac3968db6c708667e30eb88879f9fd483331 A...

5.5 AI score
Exploits: 0 | References: 1

OSV
added 2026/01/21 4:39 a.m. | 4 views

MAL-2026-423 Malicious code in oce-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cc6b17601336bdff3872b33d794187edf7b7a3779e96d01d0eb1081e043ecf5 The package oce-validate was found to contain malicious code. Source: ghsa-malware 4e0413e75c3bcfe39d1a45db99c6ac3968db6c708667e30eb88879f9fd483331 A...

5.5 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 6 views

MiracleLinux 7 : rh-nodejs12-nodejs-nodemon-2.0.3-1.el7, rh-nodejs12-nodejs-12.20.1-1.el7 (AXSA:2021-1451:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1451:01 advisory. nodejs-mixin-deep: prototype pollution in function mixin-deep CVE-2019-10746 nodejs-set-value: prototype pollution in function set-value...

9.8 CVSS | 7.7 AI score | 0.16296 EPSS
Exploits: 7 | References: 7

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 7 : rh-nodejs14-nodejs-14.15.4-2.el7 (AXSA:2021-1397:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1397:01 advisory. nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS CVE-2020-7754 nodejs-y18n: prototype pollution...

9.8 CVSS | 7 AI score | 0.69062 EPSS
Exploits: 6 | References: 8

NVD
added 2026/01/17 3:16 a.m. | 5 views

CVE-2025-12718

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcf_validate_form' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...

5.8 CVSS | 0.00206 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/17 2:22 a.m. | 2 views

CVE-2025-12718

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcf_validate_form' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...

5.8 CVSS | 5.5 AI score | 0.00206 EPSS
Exploits: 0 | References: 3

CVE
added 2026/01/17 2:22 a.m. | 21 views

CVE-2025-12718

CVE-2025-12718 pertains to the Quick Contact Form plugin for WordPress. A vulnerability in the qcf_validate_form AJAX endpoint permits a user-controlled parameter to set the from address, enabling unauthenticated attackers to relay mail through the server to arbitrary recipients (Open Mail Relay)...

5.8 CVSS | 5.6 AI score | 0.00206 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/01/17 2:22 a.m. | 23 views

CVE-2025-12718 Quick Contact Form <= 8.2.6 - Unauthenticated Open Mail Relay

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcf_validate_form' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...

5.8 CVSS | 0.00206 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/17 12:0 a.m. | 8 views

PT-2026-3337

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcf_validate_form' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers...

5.8 CVSS | 5.9 AI score | 0.00206 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/16 12:0 a.m. | 5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004761)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004761 advisory. An integer overflow flaw was found in the Linux kernel's virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a...

7.8 CVSS | 6.6 AI score | 0.00362 EPSS
Exploits: 0 | References: 3

SUSE CVE
added 2026/01/15 12:26 a.m. | 2 views

SUSE CVE-2025-68783

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices get_meter_levels_from_urb parses the 64-byte meter packets sent by the device and fills the per-channel arrays meter_level, comp_level and master_level in struct...

5.5 CVSS | 6.4 AI score | 0.00173 EPSS
Exploits: 0 | References: 21