Server-side Request Forgery (SSRF)

Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper validation of apiurl and apikey fields in baggage headers in RunTree.fromheaders and...

CVE-2026-25528 LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to...

CVE-2026-25528 LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to...

LangSmith Client SDKs 代码问题漏洞

LangSmith Client SDKs are a developer toolkit open-sourced by LangChain. Versions of LangSmith Client SDKs prior to 0.6.3 and 0.4.6 contained code vulnerabilities. These vulnerabilities stemmed from the distributed tracking feature not verifying HTTP headers, which could lead to server-side reque...

CasaOS < 0.4.7 Path Traversal Vulnerability - Version Check

CasaOS is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:icewhale:casaos"; if descripti...

EUVD-2007-0701

Malware in sbrugna...

EUVD-2018-0023

Malware in sbrugna...

EUVD-2018-0024

Malware in sbrugna...

arbor-ai (>=0.1.5 <=0.1.14), coreason-runtime (>=0.1.0 <=0.3.0) +9 more potentially affected by CVE-2025-10164 via sglang (>=0.4.6.post5 <=0.5.2)

sglang PYPI version =0.4.6.post5, =0.1.5, =0.1.0, =1.1.0, =2.0.0b40, =0.0.1, =0.1.0, =0.1.0, =0.0.1.post1, =0.0.0, =0.8.0, =0.10.7 Source cves: CVE-2025-10164 Source advisory: SNYK:PYTHON-SGLANG-12705358...

CVE-2025-10164

A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /updateweightsfromtensor. The manipulation of the argument serializednamedtensors results in deserialization. The attack can be launched remotely. The exploit has been releas...

LMSYS SGLang 代码问题漏洞

LMSYS SGLang is a large language model inference engine from LMSYS open source. A code issue vulnerability exists in LMSYS SGLang version 0.4.6, which stems from a misbehavior of the parameter serializednamedtensors of the function main in the file /updateweightsfromtensor resulting in...

PT-2025-36911

Name of the Vulnerable Software and Affected Versions lmsys sglang version 0.4.6 Description A security flaw exists in lmsys sglang version 0.4.6. The issue involves the main function within the /update weights from tensor file, which is susceptible to deserialization due to manipulation of the...

Linux Distros Unpatched Vulnerability : CVE-2017-17554

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference DoS Vulnerability was found in the function aubiosourceavcodecreadframe in io/sourceavcodec.c of aubio 0.4.6, which may lead to DoS...

CVE-2025-48305 WordPress Goal Tracker for Patreon plugin <= 0.4.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in vikingjs Goal Tracker for Patreon allows Stored XSS. This issue affects Goal Tracker for Patreon: from n/a through 0.4.6...

CVE-2025-48305

CVE-2025-48305 affects the WordPress plugin Goal Tracker for Patreon (versions up to 0.4.6) with a stored XSS due to improper input neutralization during web page generation. Connected sources corroborate the vulnerability type (Stored XSS) and affected version range, and Patchstack/PTSecurity gu...

CVE-2025-48305 WordPress Goal Tracker for Patreon plugin <= 0.4.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in vikingjs Goal Tracker for Patreon goal-tracker-for-patreon allows Stored XSS.This issue affects Goal Tracker for Patreon: from n/a through = 0.4.6...

WordPress plugin Goal Tracker for Patreon 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

Linux Distros Unpatched Vulnerability : CVE-2018-14522

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubiopitchsetunit in pitch/pitch.c, as demonstrated by aubionotes. CVE-2018-14522 Note that...

WordPress Goal Tracker for Patreon plugin <= 0.4.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Vinit Lakra Patchstack Alliance in WordPress Plugin Goal Tracker for Patreon versions = 0.4.6...

Linux Distros Unpatched Vulnerability : CVE-2023-46129

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The...