19982 matches found
CVE-2026-40087
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...
EUVD-2026-21063
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...
CVE-2026-40087
LangChain CVE-2026-40087 affects the f-string prompt-template validation prior to versions 0.3.84 and 1.2.28. The vulnerability arises because DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and evaluate them during formatting,...
LangChain 安全漏洞
LangChain is an open-source framework developed by LangChain for creating applications powered by large language models LLMs. Versions of LangChain prior to 0.3.84 and 1.2.28 contained security vulnerabilities. These vulnerabilities stemmed from incomplete validation of f-string template fields,...
GHSA-926X-3R5X-GFHW LangChain has incomplete f-string validation in prompt templates
LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate...
PT-2026-31716
Name of the Vulnerable Software and Affected Versions LangChain versions prior to 0.3.84 and prior to 1.2.28 Description LangChain's f-string prompt-template validation was incomplete, allowing attribute access and indexing expressions in templates for DictPromptTemplate and ImagePromptTemplate...
CVE-2026-5212
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...
EUVD-2026-17662
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...
CVE-2026-5212
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...
CVE-2026-34400
Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...
CVE-2026-5212 D-Link DNS-1550-04 webdav_mgr.cgi Webdav_Upload_File stack-based overflow
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...
EUVD-2016-10841
NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the...
UBUNTU-CVE-2016-20043
NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the...
CVE-2016-20043
NRSS RSS Reader 0.3.9-1 is affected by a local stack buffer overflow. An attacker can pass an oversized argument to the -F parameter, crafting input with 256 bytes of padding followed by a controlled EIP value to overwrite the return address and execute arbitrary code. This is a local vulnerabili...
NRSS Reader 缓冲区错误漏洞
NRSS Reader is a desktop reading tool developed by NRSS Corporation, designed for subscribing to and reading RSS information sources. Version 0.3.9-1 of NRSS Reader contains a buffer overflow vulnerability. This vulnerability stems from a stack buffer overflow, which could allow local attackers t...
CVE-2026-32844
XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...
CVE-2026-23320
Removed by vendor...
CVE-2026-32844
XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...
CVE-2026-32844 XinLiangCoder / php_api_doc Reflected XSS via list_method.php
XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...
CVE-2026-32844
XinLiangCoder php_api_doc contains a reflected XSS via list_method.php (GET parameter f) after commit 1ce5bbf. Unsanitized input is echoed to the page, enabling execution of arbitrary JavaScript in victims’ browsers. Impact cited includes session hijacking, credential theft, or malware distributi...