
14 matches found

Github Security Blog
added 2026/03/27 7:45 p.m. · 8 views

LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions

Summary: Multiple functions in `langchain_core.prompts.loading` read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an application passes user-influenced prompt configurations to `load_prompt` or `load_prompt_from_config`...

CVSS 7.5 · AI score 6 · EPSS 0.00035
Exploits 2 · References 5 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-24039

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00078
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 5:4 a.m. · 8 views

CVE-2023-1837

Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server: before 8.0 with enabled Legacy APIs...

CVSS 8.8 · AI score 7.1 · EPSS 0.00078
Exploits 0 · References 1
OSV
added 2023/05/23 7:15 p.m. · 1 views

CVE-2023-1837

Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server: before 8.0 with enabled Legacy APIs...

CVSS 8.8 · AI score 7.3
Exploits 0 · References 1
NVD
added 2023/05/23 7:15 p.m. · 11 views

CVE-2023-1837

Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server: before 8.0 with enabled Legacy APIs...

CVSS 8.8 · AI score 8.7 · EPSS 0.00078
Exploits 0 · References 1
Prion
added 2023/05/23 7:15 p.m. · 9 views

Authentication flaw

Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server: before 8.0 with enabled Legacy APIs...

CVSS 6.5 · AI score 8.8 · EPSS 0.00078
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/05/23 6:23 p.m. · 10 views

CVE-2023-1837

Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server: before 8.0 with enabled Legacy APIs...

CVSS 8.5 · AI score 9 · EPSS 0.00078
Exploits 0 · References 1
CVE
added 2023/05/23 6:23 p.m. · 38 views

CVE-2023-1837

CVE-2023-1837 affects HYPR Server prior to version 8.0 when Legacy APIs are enabled. The vulnerability is a Missing Authentication for a critical function that enables an authentication bypass, with impact on confidentiality, integrity, and availability (per CVSS v3.1 metrics: HIGH, with NETWORK ...

CVSS 8.8 · AI score 8.7 · EPSS 0.00078
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/05/23 6:23 p.m. · 10 views

CVE-2023-1837

Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server: before 8.0 with enabled Legacy APIs...

CVSS 8.5 · AI score 9 · EPSS 0.00078
Exploits 0 · References 1
Wallarm Lab
added 2022/09/09 11:17 a.m. · 15 views

What’s most important for a CISO in API security?

As threats to networks and systems have changed, so have CISOs’ priorities. API security has grown more important with everything as a service and in the cloud. Today’s CISOs must ensure they have a plan for protecting APIs. To learn what’s most crucial when protecting APIs, we surveyed CISOs and...

AI score 0.4
Exploits 0
Microsoft KB
added 2021/06/08 7:0 a.m. · 97 views

June 8, 2021—KB5003671 (Monthly Rollup)

June 8, 2021—KB5003671 Monthly Rollup Important: Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases known as "C" releases for this operating system...

CVSS 9.8 · AI score 7.5 · EPSS 0.94314
Exploits 67
Microsoft KB
added 2021/06/08 7:0 a.m. · 56 views

June 8, 2021—KB5003696 (Security-only update)

June 8, 2021—KB5003696 Security-only update Important: Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases known as "C" or "D" releases for this operating system. Operating systems in extend...

CVSS 9.8 · AI score 7.3 · EPSS 0.94314
Exploits 67
OSV
added 2021/01/20 1:13 p.m. · 0 views

USN-4689-3 nvidia-graphics-drivers-418-server, nvidia-graphics-drivers-450-server vulnerabilities

It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. CVE-2021-1052 It was discovered that the NVIDIA...

CVSS 7.8 · AI score 6.5 · EPSS 0.00201
Exploits 0 · References 3
Positive Technologies
added 2021/01/07 12:0 a.m. · 3 views

PT-2021-2437 · Nvidia +2 · Nvidia Gpu Display Driver +2

Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Windows and Linux, all versions Description: The issue is related to incorrect access to legacy APIs in the kernel mode layer handler for DxgkDdiEscape or IOCTL, allowing user-mode clients to access privileged...

CVSS 7.8 · AI score 6.2 · EPSS 0.06555
Exploits 0 · References 27