red

3 exploits Active since Mar 2026
CVE-2026-5027 GITHUB HIGH python WORKING POC
Langflow - Path Traversal Arbitrary File Write via upload_user_file
The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../').
CVSS 8.8
EIP-2026-120682 EXPLOITDB text WORKING POC
RiteCMS 3.1.0 - Authenticated Remote Code Execution
EIP-2026-120683 EXPLOITDB text WORKING POC
WBCE CMS 1.6.4 - Remote Code Execution