207 matches found
PT-2026-20907
Fabric.js is a JavaScript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export (src/shapes/Text/TextSVGExportMixin.ts:186) but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...
PT-2026-6657
Name of the Vulnerable Software and Affected Versions: EPyT-Flow versions prior to 0.16.1. Description: EPyT-Flow is a Python package used for generating hydraulic and water quality scenario data for water distribution networks. The REST API parses attacker-controlled JSON request bodies using a...
MiracleLinux 8 : python3.11-PyMySQL-1.0.2-2.el8_10 (AXSA:2024-8537:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8537:01 advisory. python-pymysql: SQL injection if used with untrusted JSON input (CVE-2024-36039). Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : python3.12-PyMySQL-1.1.0-3.el9 (AXSA:2024-9377:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9377:02 advisory. python-pymysql: SQL injection if used with untrusted JSON input (CVE-2024-36039). Tenable has extracted the preceding description block directly from the...
UBUNTU-CVE-2026-21869
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...
CVE-2026-21869 llama.cpp has Out-of-bounds Write in llama-server
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...
CVE-2026-21869
CVE-2026-21869 affects llama.cpp prior to commit 55d4206c9, where the server’s completion endpoints parse the non‑negative constraint for the JSON input parameter n_discard without validation. A negative n_discard can cause a reversed range/offset in llama_memory_seq_rm/add, leading to out‑of‑bou...
CVE-2026-21869
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...
defacemeter
DefaceMeter DefaceMeter is a small, static, browser-based pro...
LibreChat Security Vulnerability
LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A security vulnerability exists in LibreChat 0.8.0 and prior versions that stems from insufficient validation of JSON request input, which may result in unintended prompt modifications...
EUVD-2025-199979
Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...
EUVD-2021-13493
Malware in sbrugna...
EUVD-2018-8788
Malware in sbrugna...
EUVD-2020-30640
Malware in sbrugna...
EUVD-2022-3656
Malicious code in bioql PyPI...
EUVD-2022-1166
Malicious code in bioql PyPI...
EUVD-2025-19228
Malicious code in bioql PyPI...
EUVD-2025-29233
Malicious code in bioql PyPI...
EUVD-2025-1819
Malicious code in bioql PyPI...
EUVD-2024-44044
Malicious code in bioql PyPI...