漏洞描述
LangFlow 是一款基于 Python 的低代码可视化 AI 应用构建工具,专注于多智能体人工智能(Multi-Agent AI)、提示工程(Prompt Engineering)和检索增强生成(RAG, Retrieval-Augmented Generation)应用的开发。1.3.0之前的Langflow版本存在远程代码执行漏洞,攻击者可以通过/api/v1/validate/code端点发送精心构造的HTTP请求,执行任意代码。
Langflow /api/v1/validate/code 代码执行漏洞(CVE-2025-3248)
PoC代码
暂无相关漏洞推荐
-
CVE-2021-44228: Apache Log4j2 Remote Code Injection POC
2025-09-01 | Apache Log4j2Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not p... -
CVE-2021-45046-DAST: Apache Log4j2 - Remote Code Injection POC
2025-08-01 | Apache Log4j2Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-de... -
CVE-2021-44228: Apache Log4j2 Remote Code Injection POC
2025-08-01 | Apache Log4j2Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not p... -
Wordpress Plugin Depicter /wp-admin/admin-ajax.php depicter-lead-list SQL 注入漏洞(CVE-2025-2011) 无POC
2025-09-19 | WordpressWordPress插件Depicter的滑块和弹出窗口构建器在包括3.6.1版本在内的所有版本中,由于用户提供的参数缺乏足够的转义处理和现有SQL查询的预处理不足,存在通用的SQL注入漏洞。该漏洞可以... -
Wordpress Plugin Eventin /wp-admin/admin-ajax.php proxy_image 文件读取漏洞(CVE-2025-3419) 无POC
2025-09-19 | WordpressEvent Manager, Events Calendar, Tickets, Registrations – Eventin 是一个用于 WordPress 的插件。该漏洞存在于其 proxy_i...