Lucene search
K

120 matches found

EUVD
EUVD
added 2026/07/02 12:31 a.m.9 views

EUVD-2026-41217

An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

5.5CVSS5.8AI score0.00113EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 12:0 a.m.34 views

CVE-2026-36910

An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

0.00113EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 12:0 a.m.12 views

CVE-2026-36910

The vulnerability affects MPC-BE (Aleksoid1978) where an access violation occurs in BaseSplitterFile::Read prior to commit 4341cb3, enabling DoS via a crafted MP4 file. The issue is described consistently across multiple trusted sources (NVD, CVE records, EUVD, CVE list, PT Security, AttackersKB,...

5.5CVSS5.8AI score0.00113EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.9 views

CVE-2025-14816

Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...

9.3CVSS5.6AI score0.00101EPSS
Exploits0References1
NVD
NVD
added 2026/05/17 1:16 p.m.11 views

CVE-2018-25322

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the...

8.6CVSS0.00148EPSS
Exploits0References4
CVE
CVE
added 2026/05/17 12:11 p.m.18 views

CVE-2018-25322

Allok Fast AVI MPEG Splitter 1.2 is affected by a stack-based buffer overflow in the License Name field. An attacker with local access can craft a payload (about 780 bytes of junk data followed by structured shellcode) to overflow the stack and execute code with the application's privileges. The ...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/17 12:11 p.m.7 views

CVE-2018-25322 Allok Fast AVI MPEG Splitter 1.2 Stack Based Buffer Overflow

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.42 views

CVE-2018-25322 Allok Fast AVI MPEG Splitter 1.2 Stack Based Buffer Overflow

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the...

8.6CVSS0.00148EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.12 views

PT-2026-41548

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.11 views

Alloksoft Fast AVI MPEG Splitter 安全漏洞

Alloksoft Fast AVI MPEG Splitter is a multimedia processing tool developed by Alloksoft Corporation, capable of quickly splitting and trimming video files in formats such as AVI and MPEG. Version 1.2 of Alloksoft Fast AVI MPEG Splitter contains a security vulnerability. This vulnerability stems...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/28 8:48 a.m.5 views

CVE-2026-41481

A flaw was found in LangChain and langchain-text-splitters. This vulnerability, a Server-Side Request Forgery SSRF bypass, allows a remote attacker to redirect a seemingly safe URL to internal network resources. By exploiting unvalidated redirects, an attacker could access sensitive data from...

6.5CVSS5.5AI score0.0026EPSS
Exploits0References4
OSV
OSV
added 2026/04/24 9:16 p.m.7 views

PYSEC-2026-77

LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because...

6.5CVSS5.8AI score0.0026EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/24 8:54 p.m.4 views

CVE-2026-41481 LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because...

6.5CVSS5.3AI score0.0026EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 8:54 p.m.9 views

EUVD-2026-25634

LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because...

6.5CVSS5.4AI score0.0026EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 8:54 p.m.8 views

CVE-2026-41481

LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because...

6.5CVSS5.4AI score0.0026EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

langchain-text-splitters 代码问题漏洞

langchain-text-splitters is a Python package open-sourced by LangChain. Versions of langchain-text-splitters prior to 1.1.2 had code vulnerabilities. These vulnerabilities stemmed from the use of the splittextfromurl method in HTMLHeaderTextSplitter, which initiated a redirection after verifying...

6.5CVSS5.9AI score0.0026EPSS
Exploits0References1
OSV
OSV
added 2026/04/16 10:53 p.m.10 views

GHSA-FV5P-P927-QMXR LangChain Text Splitters: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

Summary HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because redirect targets were not revalidated, a URL pointing to an attacker-controlled server could redirect to...

6.5CVSS5.7AI score0.0026EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/08 3:31 p.m.7 views

EUVD-2025-209296

Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...

9.3CVSS5.9AI score0.00101EPSS
Exploits0References4
NVD
NVD
added 2026/04/08 2:16 p.m.7 views

CVE-2025-14816

Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...

9.3CVSS0.00101EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/08 1:23 p.m.7 views

CVE-2025-14816 Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64

Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...

9.3CVSS5.9AI score0.00101EPSS
Exploits0References3
Rows per page
Query Builder