24h | 7d | 30d

CVE-2025-3248

Overview

  • langflow-ai
  • langflow
07 Apr 2025
Published
29 Nov 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
92.08%
KEV

Description

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture fallback
HackerNoon @hackernoon.com
I found CVE-2026-33017, a Critical 9.3 unauthenticated RCE in Langflow, by looking at the code path the previous CISA KEV fix (CVE-2025-3248) missed. #aisecurity
  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-21513

Overview

  • Microsoft
  • Windows 10 Version 1607
10 Feb 2026
Published
16 Mar 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
6.94%
KEV

Description

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Statistics

  • 1 Post
Last activity: 16 hours ago

Bluesky

Profile picture fallback
piggo @pigondrugs.bsky.social
~Trendmicro~ Pawn Storm exploits zero-days (CVE-2026-21513, CVE-2026-21509) deploying PRISMEX malware against Ukraine & NATO allies. - IOCs: wellnesscaremed. com - #APT28 #PRISMEX #ThreatIntel
  • 0
  • 0
  • 0
  • 16h ago
Showing 51 to 52 of 52 CVEs