116 matches found
CVE-2025-14816
Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...
CVE-2018-25322
Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the...
CVE-2018-25322 Allok Fast AVI MPEG Splitter 1.2 Stack Based Buffer Overflow
Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the...
CVE-2018-25322 Allok Fast AVI MPEG Splitter 1.2 Stack Based Buffer Overflow
Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the...
CVE-2018-25322
Allok Fast AVI MPEG Splitter 1.2 is affected by a stack-based buffer overflow in the License Name field. An attacker with local access can craft a payload (about 780 bytes of junk data followed by structured shellcode) to overflow the stack and execute code with the application's privileges. The ...
PT-2026-41548
Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the...
Alloksoft Fast AVI MPEG Splitter 安全漏洞
Alloksoft Fast AVI MPEG Splitter is a multimedia processing tool developed by Alloksoft Corporation, capable of quickly splitting and trimming video files in formats such as AVI and MPEG. Version 1.2 of Alloksoft Fast AVI MPEG Splitter contains a security vulnerability. This vulnerability stems...
CVE-2026-41481
A flaw was found in LangChain and langchain-text-splitters. This vulnerability, a Server-Side Request Forgery SSRF bypass, allows a remote attacker to redirect a seemingly safe URL to internal network resources. By exploiting unvalidated redirects, an attacker could access sensitive data from...
PYSEC-2026-77
LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because...
EUVD-2026-25634
LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because...
CVE-2026-41481 LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass
LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because...
CVE-2026-41481
LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because...
langchain-text-splitters 代码问题漏洞
langchain-text-splitters is a Python package open-sourced by LangChain. Versions of langchain-text-splitters prior to 1.1.2 had code vulnerabilities. These vulnerabilities stemmed from the use of the splittextfromurl method in HTMLHeaderTextSplitter, which initiated a redirection after verifying...
GHSA-FV5P-P927-QMXR LangChain Text Splitters: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass
Summary HTMLHeaderTextSplitter.splittextfromurl validated the initial URL using validatesafeurl but then performed the fetch with requests.get with redirects enabled the default. Because redirect targets were not revalidated, a URL pointing to an attacker-controlled server could redirect to...
EUVD-2025-209296
Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...
CVE-2025-14816
Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...
CVE-2025-14816
The connected PT-2026-30802 advisory confirms CVE-2025-14816 as a local vulnerability affecting Mitsubishi Electric GENESIS64, ICONICS Suite/MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64 (and related Iconics Digital Solutions variants). The root cause is cleartext storage/display ...
CVE-2025-14816 Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64
Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...
CVE-2025-14816 Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64
Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...
EUVD-2018-21680
Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious payload exceeding 780 bytes, paste it into the...