Lucene search
K

194 matches found

NVD
NVD
added 2026/06/22 4:16 p.m.10 views

CVE-2026-7664

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

9.8CVSS0.00277EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 7:0 p.m.6 views

Security Bulletin: upload filename directly from the multipart Content-Disposition header without sanitization

Summary Langflow OSS 1.2.0 - 1.8.4 are affected by a critical arbitrary file write vulnerability in the files endpoint due to improper handling of uploaded filenames. The application extracts the filename directly from the multipart Content-Disposition header without sanitization and uses unsafe...

6.5CVSS5.5AI score0.00275EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/11 12:16 p.m.15 views

CVE-2023-25969

Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4...

5.4CVSS0.00176EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 10:46 a.m.8 views

EUVD-2023-60589

Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4...

5.4CVSS5.4AI score0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 10:46 a.m.10 views

CVE-2023-25969 WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.8.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form & Lead Form Elementor Builder: from n/a through 1.8.4...

5.4CVSS7.8AI score0.00176EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.10 views

WordPress plugin Contact Form and Lead Form Elementor Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.4CVSS8.4AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/05 2:20 a.m.7 views

CVE-2026-7687

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

6.5CVSS6.3AI score0.01666EPSS
Exploits0References1
NVD
NVD
added 2026/05/03 9:16 a.m.21 views

CVE-2026-7687

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

6.5CVSS0.01666EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/03 8:45 a.m.94 views

CVE-2026-7687 langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details command injection

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

6.5CVSS0.01666EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.9 views

Langflow 注入漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.4 and earlier have a injection vulnerability, which stems from the function eval in the lambdafilter.p file within the component LambdaFilterComponent...

6.5CVSS6.7AI score0.00291EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/30 9:11 p.m.31 views

CVE-2026-3345 Path Traversal and Arbitrary File Write Vulnerability in IBM Langflow Desktop API v2 File Upload Endpoint

IBM Langflow Desktop =1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

6.5CVSS0.00374EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/30 9:11 p.m.2 views

CVE-2026-3345

IBM Langflow Desktop =1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

6.5CVSS5.6AI score0.00374EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/30 9:11 p.m.9 views

CVE-2026-3345

IBM Langflow Desktop API v2 File Upload Endpoint (POST /api/v2/files) is vulnerable to a path traversal due to improper validation/sanitation of user-supplied filenames passed to LocalStorageService, allowing authenticated attackers to write files outside the intended upload directory and potenti...

6.5CVSS5.6AI score0.00374EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/30 9:6 p.m.3 views

EUVD-2026-26425

IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

6.4CVSS4.9AI score0.00157EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/30 8:48 p.m.3 views

EUVD-2026-26435

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key...

7.5CVSS5.2AI score0.0034EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.8 views

PT-2026-36189

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

6.5CVSS5.5AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.4 views

PT-2026-36190

Name of the Vulnerable Software and Affected Versions IBM Langflow Desktop versions 1.0.0 through 1.8.4 Description An unauthenticated user can view images belonging to other users. This is possible due to an indirect object reference through a user-controlled key. Recommendations At the moment,...

7.5CVSS5.8AI score0.0034EPSS
Exploits0References6
OSV
OSV
added 2026/04/12 12:30 p.m.4 views

GHSA-822V-8W6H-5JXP Warm-Flow has a SpEL Expression Injection in SpelHelper.parseExpression

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

6.3CVSS6.3AI score0.00301EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/12 12:0 a.m.7 views

Warm-Flow 代码注入漏洞

Warm-Flow is a workflow engine developed by Dromara. Versions of Warm-Flow 1.8.4 and earlier contained a code injection vulnerability. This vulnerability stemmed from the improper handling of parameters listenerPath, skipCondition, and permissionFlag by the SpelHelper.parseExpression function in...

6.5CVSS6.7AI score0.00301EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.7 views

PT-2026-32157

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

6.5CVSS6.3AI score0.00301EPSS
Exploits0References6
Rows per page
Query Builder