271 matches found
CVE-2026-26013 LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.getnumtokensfrommessages method fetches arbitrary imageurl values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Reque...
CVE-2026-26013 LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.getnumtokensfrommessages method fetches arbitrary imageurl values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Reque...
CVE-2026-26013
The CVE affects LangChain’s ChatOpenAI component, where get_num_tokens_from_messages() can fetch arbitrary image_url values without validation when counting tokens for vision-enabled models, enabling SSRF by user-provided URLs. Root cause: insufficient validation of image_url during token countin...
LangChain 代码问题漏洞
LangChain is an open-source framework developed by LangChain for creating applications powered by large language models LLMs. Versions of LangChain prior to 1.2.11 contained code vulnerabilities. These vulnerabilities stemmed from the ChatOpenAI.getnumtokensfrommessages method, which did not...
PT-2026-7475
Name of the Vulnerable Software and Affected Versions LangChain versions prior to 1.2.11 Description LangChain is a framework used for building applications powered by large language models LLMs. A flaw exists in the ChatOpenAI.get num tokens from messages method where it retrieves image URLs...
WordPress Featured Image from URL (FIFU) plugin <= 5.2.7 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated Admin+ SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin Featured Image from URL versions = 5.2.7...
PT-2025-49202
Name of the Vulnerable Software and Affected Versions Featured Image via URL plugin for WordPress versions prior to 0.1 Description The plugin is susceptible to arbitrary file uploads because of a lack of file type validation. Attackers with Contributor-level access or higher can upload any file ...
WordPress plugin Featured Image via URL 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
CVE-2025-12626
A security flaw has been discovered in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd. This affects the function getImgUrl of the file WxActGoldeneggsPrizesController.java. Performing manipulation of the argument imgurl results in path traversal. Remote exploitation of the...
EUVD-2025-37429
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the setfeaturedimagefromexternalurl function in all versions up to, and including, 1.1.32. This makes it possible f...
PT-2025-44715
Name of the Vulnerable Software and Affected Versions Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent versions up to and including 1.1.32 Description The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is susceptible...
CVE-2025-61488
An issue in Senayan Library Management System SLiMS 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrapimage.php component and the imageURL parameter...
CVE-2025-61488
An issue in Senayan Library Management System SLiMS 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrapimage.php component and the imageURL parameter...
CVE-2025-7400
CVE-2025-7400 – Featured Image from URL (FIFU) for WordPress is a Stored Cross-Site Scripting flaw in all versions up to 5.2.7, exploitable by an authenticated attacker with Contributor-level access or higher via the post’s Featured Image custom fields. Root cause: insufficient input sanitization...
EUVD-2019-7563
Malware in sbrugna...
EUVD-2018-10262
Malware in sbrugna...
EUVD-2004-0705
Malware in sbrugna...
EUVD-2018-13182
Malware in sbrugna...
WordPress plugin Featured Image from URL 跨站脚本漏洞
WordPress Featured Image from URL plugin is a plugin for solving WordPress website featured image FeaturedImage related problems. The WordPress Featured Image from URL plugin suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of custom...
WordPress Featured Image from URL (FIFU) plugin <= 5.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image Custom Fields vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Featured Image Custom Fields vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Featured Image from URL versions = 5.2.7...