Lucene search
K

82 matches found

CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

LangChain-Chatchat 授权问题漏洞

LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Versions of Langchain-Chatchat 0.3.1.3 and earlier had an authorization vulnerability. This vulnerability stems from a lack of authentication in the functions...

6.3CVSS6.6AI score0.00322EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.13 views

PT-2026-37081

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list files/retrieve file/retrieve file content/delete file of the file libs/chatchat-server/chatchat/server/api server/openai routes.py of the component Compatible File...

6.3CVSS6.4AI score0.00322EPSS
Exploits0References7
CVE
CVE
added 2026/04/20 9:30 a.m.19 views

CVE-2026-6625

CVE-2026-6625 affects moxi624 Mogu Blog v2 up to 5.2; the vulnerability is in LocalFileServiceImpl.uploadPictureByUrl (mogu_picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java) and enables server-side request forgery. It can be exploited remotely; the exploit ha...

7.5CVSS6.5AI score0.003EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 9:30 a.m.4 views

CVE-2026-6625

A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogupicture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture...

7.5CVSS6.5AI score0.003EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/20 9:30 a.m.32 views

CVE-2026-6625 moxi624 Mogu Blog v2 Picture Storage Service LocalFileServiceImpl.java LocalFileServiceImpl.uploadPictureByUrl server-side request forgery

A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogupicture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture...

7.5CVSS0.003EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.10 views

PT-2026-33748

A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture...

7.5CVSS6.5AI score0.003EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/07 5:6 p.m.5 views

CVE-2026-34981

The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.downloadfromurl in app/services/fileservice.py calls requests.geturl with zero URL validation. The file extension check occurs AFTER the HTTP request is already made, and can be bypassed by...

5.8CVSS5.9AI score0.00252EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/21 6:2 a.m.26 views

CVE-2026-2863 feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java deleteFile path traversal

A flaw has been found in fenghaha/megagao ssm-erp and productionssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been...

5.5CVSS0.00369EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/21 6:2 a.m.4 views

CVE-2026-2863

A flaw has been found in fenghaha/megagao ssm-erp and productionssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been...

5.5CVSS5.3AI score0.00369EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/21 6:2 a.m.6 views

CVE-2026-2863 feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java deleteFile path traversal

A flaw has been found in fenghaha/megagao ssm-erp and productionssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been...

5.5CVSS5.4AI score0.00369EPSS
Exploits0References5
CVE
CVE
added 2026/02/21 6:2 a.m.19 views

CVE-2026-2863

The CVE-2026-2863 entry describes a path-traversal vulnerability in the deleteFile function of FileServiceImpl.java within feng_ha_ha/megagao ssm-erp and production_ssm (up to a specific commit). Remote exploitability is stated, with a published exploit and continuous delivery practices noted. Pu...

5.5CVSS5.3AI score0.00369EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/12/22 12:0 a.m.4 views

AlmaLinux 8 : git-lfs (ALSA-2025:23745)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:23745 advisory. git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 Tenable has extracted the preceding description block directly from the AlmaLinu...

8.6CVSS5.2AI score0.00707EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/02 8:23 a.m.6 views

CVE-2025-13814

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

9.8CVSS7.3AI score0.00461EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/01 7:32 a.m.14 views

CVE-2025-13814 moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

7.5CVSS0.00461EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/01 7:32 a.m.7 views

EUVD-2025-199972

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

7.5CVSS6.2AI score0.00461EPSS
Exploits1References6
CVE
CVE
added 2025/12/01 7:32 a.m.16 views

CVE-2025-13814

The CVE affects moxi159753 Mogu Blog v2 up to 5.2. The vulnerability is in LocalFileServiceImpl.uploadPictureByUrl (file /file/uploadPicsByUrl) and enables server-side request forgery. Exploitation can be performed remotely and, per sources, a public PoC exists; vendor did not respond to disclosu...

9.8CVSS7.2AI score0.00461EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.2 views

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56558)

nfsd: make sure exp active before svcexportshow The function eshow was called with protection from RCU. This only ensures that exp will not be freed. Therefore, the reference count for exp can drop to zero, which will trigger a refcount use-after-free warning when expget is called. This plugin on...

7.8CVSS6.9AI score0.00224EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.3 views

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Incorrect Check of Function Return Value (CVE-2022-48829)

NFSD: Vulnerability handling large file sizes for NFSv3 improperly capping client size values larger than s64max, leading to unexpected behavior and potential data corruption. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

5.5CVSS6.7AI score0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-0341

Malware in sbrugna...

5CVSS6.4AI score0.03198EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2003-0374

Malware in sbrugna...

5CVSS6.4AI score0.01659EPSS
Exploits0References2
Rows per page
Query Builder