Lucene search
K

78 matches found

Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.14 views

PT-2026-37083

Name of the Vulnerable Software and Affected Versions Langchain-Chatchat versions prior to 0.3.1.4 Description A time-of-check time-of-use TOCTOU issue exists in the OpenAI-Compatible File Upload API component. Manipulation of the file.filename argument within the files function located in the...

2.6CVSS6.1AI score0.00162EPSS
Exploits0References13
NVD
NVD
added 2026/04/15 4:16 p.m.4 views

CVE-2026-30617

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When...

8.6CVSS0.00472EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 12:0 a.m.5 views

CVE-2026-30617

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When...

6.5AI score0.00472EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/15 12:0 a.m.26 views

CVE-2026-30617

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When...

0.00472EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.12 views

LangChain-Chatchat 安全漏洞

LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Version 0.3.1 of LangChain-Chatchat contains a security vulnerability. This vulnerability stems from improper configuration and execution of the MCP STDIO server, which may allow...

8.6CVSS6.4AI score0.00472EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-19477

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00482EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-19478

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.00552EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-19479

Malicious code in bioql PyPI...

5.3CVSS4.9AI score0.00472EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/07/01 10:18 a.m.12 views

CVE-2025-6855

A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...

5.5CVSS5.5AI score0.00552EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/07/01 8:52 a.m.11 views

CVE-2025-6853

A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function uploadtempdocs of the file /knowledgebase/uploadtempdocs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to...

6.5CVSS7.3AI score0.00482EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/07/01 8:52 a.m.9 views

CVE-2025-6854

A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to...

5.3CVSS7.4AI score0.00472EPSS
Exploits1References1
Snyk
Snyk
added 2025/06/29 9:30 a.m.7 views

Directory Traversal

Overview langchain-chatchat is a Langchain-Chatchat formerly langchain-ChatGLM, local knowledge based LLM like ChatGLM, Qwen and Llama RAG and Agent app with langchain Affected versions of this package are vulnerable to Directory Traversal via the purpose parameter in the /v1/files endpoint. An...

5.3CVSS7.4AI score0.00472EPSS
Exploits1References2
OSV
OSV
added 2025/06/29 9:30 a.m.7 views

GHSA-F823-PHMG-X5FR Langchain-Chatchat vulnerable to path traversal

A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...

5.5CVSS6.7AI score0.00552EPSS
Exploits1References6
OSV
OSV
added 2025/06/29 9:30 a.m.6 views

GHSA-8V8H-4PJX-RG73 Langchain-Chatchat vulnerable to path traversal

A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to...

5.3CVSS6.7AI score0.00472EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/06/29 9:30 a.m.16 views

Langchain-Chatchat vulnerable to path traversal

A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...

8.8CVSS6.7AI score0.00552EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/29 9:30 a.m.8 views

Langchain-Chatchat vulnerable to path traversal

A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to...

5.3CVSS6.7AI score0.00472EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/29 9:30 a.m.7 views

Langchain-Chatchat has a Path Traversal vulnerability

A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function uploadtempdocs of the file /knowledgebase/uploadtempdocs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to...

9.8CVSS7AI score0.00482EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2025/06/29 9:30 a.m.4 views

GHSA-QMGV-J263-QR33 Langchain-Chatchat has a Path Traversal vulnerability

A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function uploadtempdocs of the file /knowledgebase/uploadtempdocs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to...

6.3CVSS7AI score0.00482EPSS
Exploits1References6
NVD
NVD
added 2025/06/29 9:15 a.m.12 views

CVE-2025-6855

A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...

8.8CVSS0.00552EPSS
Exploits1References4
NVD
NVD
added 2025/06/29 9:15 a.m.20 views

CVE-2025-6854

A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to...

5.3CVSS0.00472EPSS
Exploits1References4
Rows per page
Query Builder