96 matches found
CVE-2026-41488 langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size helper, used by get_num_tokens_from_messages for image token counting, validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS...
PT-2026-35087
Name of the Vulnerable Software and Affected Versions: langchain-openai versions prior to 1.1.14. Description: The _url_to_size helper function, utilized by get_num_tokens_from_messages for image token counting, contains a Time-of-Check to Time-of-Use (TOCTOU) flaw. The function validates URLs for...
Server-side Request Forgery (SSRF)
Overview: langchain-openai is an integration package connecting OpenAI and LangChain. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the image token counting _url_to_size function. An attacker can access internal network resources by exploiting a DNS...
EUVD-2026-16383
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting (XSS). This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...
CVE-2026-3529 Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting (XSS). This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...
Drupal Google Analytics GA4 security vulnerability
Drupal Google Analytics GA4 is an integrated module for website traffic statistics and analysis developed by the Drupal company. Versions of Drupal Google Analytics GA4 prior to 1.1.14 contained a security vulnerability caused by improper input handling, which could lead to cross-site scripting...
CVE-2026-28016
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Luxury Wine luxury-wine allows PHP Local File Inclusion. This issue affects Luxury Wine: from n/a through <= 1.1.14...
EUVD-2026-9721
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Tiger Claw tiger-claw allows PHP Local File Inclusion. This issue affects Tiger Claw: from n/a through <= 1.1.14...
EUVD-2026-9565
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Green Planet green-planet allows PHP Local File Inclusion. This issue affects Green Planet: from n/a through <= 1.1.14...
CVE-2026-28061
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Tiger Claw tiger-claw allows PHP Local File Inclusion. This issue affects Tiger Claw: from n/a through <= 1.1.14...
CVE-2026-22439
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Green Planet green-planet allows PHP Local File Inclusion. This issue affects Green Planet: from n/a through <= 1.1.14...
CVE-2026-28061 WordPress Tiger Claw theme <= 1.1.14 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Tiger Claw tiger-claw allows PHP Local File Inclusion. This issue affects Tiger Claw: from n/a through <= 1.1.14...
CVE-2026-28061
CVE-2026-28061 is a Local File Inclusion vulnerability in the ThemeREX Tiger Claw WordPress theme, affecting versions up to and including 1.1.14. The issue stems from improper control of filenames in Include/Require statements, enabling PHP Local File Inclusion. Public references in the connected...
CVE-2026-28016 WordPress Luxury Wine theme <= 1.1.14 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Luxury Wine luxury-wine allows PHP Local File Inclusion. This issue affects Luxury Wine: from n/a through <= 1.1.14...
CVE-2026-22439 WordPress Green Planet theme <= 1.1.14 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Green Planet green-planet allows PHP Local File Inclusion. This issue affects Green Planet: from n/a through <= 1.1.14...
CVE-2026-22439
CVE-2026-22439 covers a Local File Inclusion in the WordPress theme Green Planet by AncoraThemes, affecting versions up to and including 1.1.14. The issue is described as improper control of the filename for include/require statements in PHP, enabling inclusion of local files (PHP LFI). The CVSS...
WordPress plugin Tiger Claw security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Luxury Wine security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-23186
Name of the Vulnerable Software and Affected Versions: AncoraThemes Green Planet versions through 1.1.14. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of...