630 matches found
GHSA-3HJH-JH2H-VRG6 Denial of service in langchain-community
Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...
PYSEC-2024-118
A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...
RHEL 7 : libwebp (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libwebp: use of uninitialized value in ReadSymbol (CVE-2018-25014) - A heap-based buffer overflow was found...
CVE-2024-1930
No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the open_session D-Bus method. For each...
The vulnerability of the fromDhcpListClient function in the Tenda W30E router software allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the fromDhcpListClient function in the Tenda W30E router software relates to the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected informatio...
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard Python library, which has some XML vulnerabilities (see https://docs.python.org/3/library/xml.html). This primarily affects users that combine an LLM or agent with the XMLOutputParser and expose the component...
GHSA-Q84M-RMW3-4382 LangChain's XMLOutputParser vulnerable to XML Entity Expansion
The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard Python library, which has some XML vulnerabilities (see https://docs.python.org/3/library/xml.html). This primarily affects users that combine an LLM or agent with the XMLOutputParser and expose the component...
LangChain Security Vulnerability
LangChain builds applications using LLMs through composability. A security vulnerability exists in LangChain that originates from allowing an attacker to generate a malicious payload for the parser via an LLM, thereby compromising the availability of the service...
CVE-2023-52381
Script injection vulnerability in the email module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability...
Code injection
Script injection vulnerability in the email module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability...
CVE-2023-52381
The CVE-2023-52381 entry corresponds to a script injection vulnerability in the Huawei HarmonyOS/EMUI mail module. The CNVD CNVD-2024-31083 document confirms an in-component script injection that can allow an attacker to execute arbitrary code on affected systems. The NVD/NVD-derived description simi...
CVE-2023-52369
Stack overflow vulnerability in the NFC module. Successful exploitation of this vulnerability may affect service availability and integrity...
CVE-2023-52367
Vulnerability of improper access control in the media library module. Successful exploitation of this vulnerability may affect service availability and integrity...
CVE-2023-52369
Stack overflow vulnerability in the NFC module. Successful exploitation of this vulnerability may affect service availability and integrity...
Improper access control
Vulnerability of improper access control in the media library module. Successful exploitation of this vulnerability may affect service availability and integrity...
Stack overflow
Stack overflow vulnerability in the NFC module. Successful exploitation of this vulnerability may affect service availability and integrity...
CVE-2023-52369
Stack overflow vulnerability in the NFC module. Successful exploitation of this vulnerability may affect service availability and integrity...
CVE-2023-52369
CVE-2023-52369 is a stack overflow vulnerability in the NFC module with a reported impact on availability and integrity. NVD records a CVSS v3.1 base score of 9.1 (CRITICAL) with network access, low complexity, no privileges required, and no user interaction, affecting the NFC-related component a...