Lucene search
K

271 matches found

Vulnrichment
Vulnrichment
added 2026/02/10 9:51 p.m.2 views

CVE-2026-26013 LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.getnumtokensfrommessages method fetches arbitrary imageurl values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Reque...

3.7CVSS5.7AI score0.00379EPSS
Exploits0References3
OSV
OSV
added 2026/02/10 9:51 p.m.3 views

CVE-2026-26013 LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.getnumtokensfrommessages method fetches arbitrary imageurl values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Reque...

3.7CVSS5.7AI score0.00379EPSS
Exploits0References5
CVE
CVE
added 2026/02/10 9:51 p.m.22 views

CVE-2026-26013

The CVE affects LangChain’s ChatOpenAI component, where get_num_tokens_from_messages() can fetch arbitrary image_url values without validation when counting tokens for vision-enabled models, enabling SSRF by user-provided URLs. Root cause: insufficient validation of image_url during token countin...

3.7CVSS5.7AI score0.00379EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.12 views

LangChain 代码问题漏洞

LangChain is an open-source framework developed by LangChain for creating applications powered by large language models LLMs. Versions of LangChain prior to 1.2.11 contained code vulnerabilities. These vulnerabilities stemmed from the ChatOpenAI.getnumtokensfrommessages method, which did not...

3.7CVSS5.9AI score0.00379EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.4 views

PT-2026-7475

Name of the Vulnerable Software and Affected Versions LangChain versions prior to 1.2.11 Description LangChain is a framework used for building applications powered by large language models LLMs. A flaw exists in the ChatOpenAI.get num tokens from messages method where it retrieves image URLs...

3.7CVSS5.4AI score0.00379EPSS
Exploits0References13
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.5 views

WordPress Featured Image from URL (FIFU) plugin <= 5.2.7 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin Featured Image from URL versions = 5.2.7...

4.9CVSS5.9AI score0.00306EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.5 views

PT-2025-49202

Name of the Vulnerable Software and Affected Versions Featured Image via URL plugin for WordPress versions prior to 0.1 Description The plugin is susceptible to arbitrary file uploads because of a lack of file type validation. Attackers with Contributor-level access or higher can upload any file ...

8.8CVSS7.5AI score0.0048EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.4 views

WordPress plugin Featured Image via URL 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

8.8CVSS7.8AI score0.0048EPSS
Exploits0References2
NVD
NVD
added 2025/11/03 1:15 p.m.6 views

CVE-2025-12626

A security flaw has been discovered in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd. This affects the function getImgUrl of the file WxActGoldeneggsPrizesController.java. Performing manipulation of the argument imgurl results in path traversal. Remote exploitation of the...

5.3CVSS0.0034EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/01 9:30 a.m.12 views

EUVD-2025-37429

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the setfeaturedimagefromexternalurl function in all versions up to, and including, 1.1.32. This makes it possible f...

9.8CVSS7AI score0.00975EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/01 12:0 a.m.6 views

PT-2025-44715

Name of the Vulnerable Software and Affected Versions Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent versions up to and including 1.1.32 Description The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is susceptible...

9.8CVSS7.7AI score0.00975EPSS
Exploits0References13
OSV
OSV
added 2025/10/20 7:15 p.m.8 views

CVE-2025-61488

An issue in Senayan Library Management System SLiMS 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrapimage.php component and the imageURL parameter...

7.6CVSS6.2AI score0.0033EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/20 12:0 a.m.5 views

CVE-2025-61488

An issue in Senayan Library Management System SLiMS 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrapimage.php component and the imageURL parameter...

7.6AI score0.0033EPSS
Exploits0References1
CVE
CVE
added 2025/10/07 7:22 a.m.26 views

CVE-2025-7400

CVE-2025-7400 – Featured Image from URL (FIFU) for WordPress is a Stored Cross-Site Scripting flaw in all versions up to 5.2.7, exploitable by an authenticated attacker with Contributor-level access or higher via the post’s Featured Image custom fields. Root cause: insufficient input sanitization...

6.4CVSS4.7AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-7563

Malware in sbrugna...

9.8CVSS9.2AI score0.02074EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-10262

Malware in sbrugna...

6.1CVSS6.3AI score0.00826EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2004-0705

Malware in sbrugna...

2.1CVSS6.4AI score0.00292EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-13182

Malware in sbrugna...

5.3CVSS5.5AI score0.01626EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/10/07 12:0 a.m.3 views

WordPress plugin Featured Image from URL 跨站脚本漏洞

WordPress Featured Image from URL plugin is a plugin for solving WordPress website featured image FeaturedImage related problems. The WordPress Featured Image from URL plugin suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of custom...

6.4CVSS6AI score0.0018EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/10/06 10:35 p.m.5 views

WordPress Featured Image from URL (FIFU) plugin <= 5.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image Custom Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Featured Image Custom Fields vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Featured Image from URL versions = 5.2.7...

6.4CVSS5.6AI score0.0018EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder