Filtered by vendor Langflow
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3248 | 1 Langflow | 1 Langflow | 2025-05-07 | N/A | 9.8 CRITICAL |
| Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. | |||||
| CVE-2024-37014 | 1 Langflow | 1 Langflow | 2024-11-21 | N/A | 9.8 CRITICAL |
| Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. | |||||