Lucene search
K

19982 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/09 7:34 p.m.3 views

CVE-2026-40087

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

5.3CVSS5.9AI score0.00262EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/04/09 7:34 p.m.5 views

EUVD-2026-21063

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

5.3CVSS5.9AI score0.00262EPSS
Exploits0References7
CVE
CVE
added 2026/04/09 7:34 p.m.22 views

CVE-2026-40087

LangChain CVE-2026-40087 affects the f-string prompt-template validation prior to versions 0.3.84 and 1.2.28. The vulnerability arises because DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and evaluate them during formatting,...

5.3CVSS5.9AI score0.00262EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

LangChain 安全漏洞

LangChain is an open-source framework developed by LangChain for creating applications powered by large language models LLMs. Versions of LangChain prior to 0.3.84 and 1.2.28 contained security vulnerabilities. These vulnerabilities stemmed from incomplete validation of f-string template fields,...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References7
OSV
OSV
added 2026/04/08 9:51 p.m.5 views

GHSA-926X-3R5X-GFHW LangChain has incomplete f-string validation in prompt templates

LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same attribute-access validation as PromptTemplate. In particular, DictPromptTemplate and ImagePromptTemplate...

5.3CVSS5.9AI score0.00262EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.7 views

PT-2026-31716

Name of the Vulnerable Software and Affected Versions LangChain versions prior to 0.3.84 and prior to 1.2.28 Description LangChain's f-string prompt-template validation was incomplete, allowing attribute access and indexing expressions in templates for DictPromptTemplate and ImagePromptTemplate...

5.3CVSS4.8AI score0.00262EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.5 views

CVE-2026-5212

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

9CVSS7.7AI score0.00737EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/31 9:31 p.m.7 views

EUVD-2026-17662

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

9CVSS7.7AI score0.00737EPSS
Exploits1References7
NVD
NVD
added 2026/03/31 9:16 p.m.5 views

CVE-2026-5212

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

9CVSS0.00737EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/31 9:0 p.m.5 views

CVE-2026-34400

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

6.9CVSS5.8AI score0.00505EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/03/31 8:15 p.m.33 views

CVE-2026-5212 D-Link DNS-1550-04 webdav_mgr.cgi Webdav_Upload_File stack-based overflow

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

9CVSS0.00737EPSS
Exploits1References6
EUVD
EUVD
added 2026/03/28 12:30 p.m.5 views

EUVD-2016-10841

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the...

8.6CVSS6.4AI score0.00203EPSS
Exploits1References4
OSV
OSV
added 2026/03/28 12:16 p.m.6 views

UBUNTU-CVE-2016-20043

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the...

8.6CVSS6.5AI score0.00203EPSS
Exploits1References5
CVE
CVE
added 2026/03/28 11:58 a.m.10 views

CVE-2016-20043

NRSS RSS Reader 0.3.9-1 is affected by a local stack buffer overflow. An attacker can pass an oversized argument to the -F parameter, crafting input with 256 bytes of padding followed by a controlled EIP value to overwrite the return address and execute arbitrary code. This is a local vulnerabili...

8.6CVSS6.4AI score0.00203EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/03/28 12:0 a.m.7 views

NRSS Reader 缓冲区错误漏洞

NRSS Reader is a desktop reading tool developed by NRSS Corporation, designed for subscribing to and reading RSS information sources. Version 0.3.9-1 of NRSS Reader contains a buffer overflow vulnerability. This vulnerability stems from a stack buffer overflow, which could allow local attackers t...

8.6CVSS6.4AI score0.00203EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-32844

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

6.1CVSS6AI score0.00257EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/25 10:27 a.m.4 views

CVE-2026-23320

Removed by vendor...

5.9AI score0.00022EPSS
Exploits0
NVD
NVD
added 2026/03/20 6:16 p.m.6 views

CVE-2026-32844

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

6.1CVSS0.00257EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/20 5:26 p.m.22 views

CVE-2026-32844 XinLiangCoder / php_api_doc Reflected XSS via list_method.php

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

6.1CVSS0.00257EPSS
Exploits0References2
CVE
CVE
added 2026/03/20 5:26 p.m.11 views

CVE-2026-32844

XinLiangCoder php_api_doc contains a reflected XSS via list_method.php (GET parameter f) after commit 1ce5bbf. Unsanitized input is echoed to the page, enabling execution of arbitrary JavaScript in victims’ browsers. Impact cited includes session hijacking, credential theft, or malware distributi...

6.1CVSS6AI score0.00257EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder