82 matches found
LangChain-Chatchat 授权问题漏洞
LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Versions of Langchain-Chatchat 0.3.1.3 and earlier had an authorization vulnerability. This vulnerability stems from a lack of authentication in the functions...
PT-2026-37081
A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list files/retrieve file/retrieve file content/delete file of the file libs/chatchat-server/chatchat/server/api server/openai routes.py of the component Compatible File...
CVE-2026-6625
CVE-2026-6625 affects moxi624 Mogu Blog v2 up to 5.2; the vulnerability is in LocalFileServiceImpl.uploadPictureByUrl (mogu_picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java) and enables server-side request forgery. It can be exploited remotely; the exploit ha...
CVE-2026-6625
A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogupicture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture...
CVE-2026-6625 moxi624 Mogu Blog v2 Picture Storage Service LocalFileServiceImpl.java LocalFileServiceImpl.uploadPictureByUrl server-side request forgery
A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogupicture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture...
PT-2026-33748
A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture...
CVE-2026-34981
The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.downloadfromurl in app/services/fileservice.py calls requests.geturl with zero URL validation. The file extension check occurs AFTER the HTTP request is already made, and can be bypassed by...
CVE-2026-2863 feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java deleteFile path traversal
A flaw has been found in fenghaha/megagao ssm-erp and productionssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been...
CVE-2026-2863
A flaw has been found in fenghaha/megagao ssm-erp and productionssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been...
CVE-2026-2863 feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java deleteFile path traversal
A flaw has been found in fenghaha/megagao ssm-erp and productionssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been...
CVE-2026-2863
The CVE-2026-2863 entry describes a path-traversal vulnerability in the deleteFile function of FileServiceImpl.java within feng_ha_ha/megagao ssm-erp and production_ssm (up to a specific commit). Remote exploitability is stated, with a published exploit and continuous delivery practices noted. Pu...
AlmaLinux 8 : git-lfs (ALSA-2025:23745)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:23745 advisory. git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 Tenable has extracted the preceding description block directly from the AlmaLinu...
CVE-2025-13814
A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...
CVE-2025-13814 moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery
A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...
EUVD-2025-199972
A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...
CVE-2025-13814
The CVE affects moxi159753 Mogu Blog v2 up to 5.2. The vulnerability is in LocalFileServiceImpl.uploadPictureByUrl (file /file/uploadPicsByUrl) and enables server-side request forgery. Exploitation can be performed remotely and, per sources, a public PoC exists; vendor did not respond to disclosu...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56558)
nfsd: make sure exp active before svcexportshow The function eshow was called with protection from RCU. This only ensures that exp will not be freed. Therefore, the reference count for exp can drop to zero, which will trigger a refcount use-after-free warning when expget is called. This plugin on...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Incorrect Check of Function Return Value (CVE-2022-48829)
NFSD: Vulnerability handling large file sizes for NFSv3 improperly capping client size values larger than s64max, leading to unexpected behavior and potential data corruption. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
EUVD-2005-0341
Malware in sbrugna...
EUVD-2003-0374
Malware in sbrugna...