21 matches found
CVE-2026-42561
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...
CVE-2026-42561
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...
DEBIAN-CVE-2026-42561
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...
UBUNTU-CVE-2026-42561
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...
CVE-2026-42561
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...
CVE-2026-42561
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...
CVE-2026-42561
Python-Multipart contains a denial-of-service vulnerability in MultipartParser header parsing prior to 0.0.27, due to unbounded numbers/sizes of part headers. An attacker could exhaust CPU by sending many headers or a very large header value in multipart/form-data. The issue is fixed in version 0...
CVE-2026-42561 Python-Multipart: Denial of Service via unbounded multipart part headers
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...
python-multipart 安全漏洞
python-multipart is a Python-based streaming multipart parser developed by Marcelo Trylesinski. Versions of python-multipart prior to 0.0.27 contained a security vulnerability; this vulnerability stemmed from the unlimited parsing of multipart headers, which could lead to denial-of-service attack...
PT-2026-38278
Name of the Vulnerable Software and Affected Versions python-multipart versions prior to 0.0.27 Description A denial of service issue exists in the multipart part header parsing of the MultipartParser when processing multipart/form-data. The parser lacked limits on the number of part headers and...
Exploit for CVE-2025-62878
CVE-2025-62878: Local Path Provisioner Path Traversal Over...
Deserialization of Untrusted Data
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the STACKGLOBAL opcode parsing process. An attacker can bypass detection mechanisms by crafting a malicio...
LangChain Community SSRF vulnerability exists in RequestsToolkit component
A Server-Side Request Forgery SSRF vulnerability exists in the RequestsToolkit component of the langchain-community package specifically, langchaincommunity.agenttoolkits.openapi.toolkit.RequestsToolkit in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does n...
CVE-2025-2828
A Server-Side Request Forgery SSRF vulnerability exists in the RequestsToolkit component of the langchain-community package specifically, langchaincommunity.agenttoolkits.openapi.toolkit.RequestsToolkit in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does n...
PYSEC-2025-70
A Server-Side Request Forgery SSRF vulnerability exists in the RequestsToolkit component of the langchain-community package specifically, langchaincommunity.agenttoolkits.openapi.toolkit.RequestsToolkit in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does n...
PYSEC-2025-70
A Server-Side Request Forgery SSRF vulnerability exists in the RequestsToolkit component of the langchain-community package specifically, langchaincommunity.agenttoolkits.openapi.toolkit.RequestsToolkit in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does n...
CVE-2025-2828
A Server-Side Request Forgery SSRF vulnerability exists in the RequestsToolkit component of the langchain-community package specifically, langchaincommunity.agenttoolkits.openapi.toolkit.RequestsToolkit in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does n...
CVE-2025-2828 SSRF Vulnerability in RequestsToolkit in langchain-ai/langchain
A Server-Side Request Forgery SSRF vulnerability exists in the RequestsToolkit component of the langchain-community package specifically, langchaincommunity.agenttoolkits.openapi.toolkit.RequestsToolkit in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does n...
LangChain 代码问题漏洞
LangChain is a LangChain open source framework for developing applications powered by the Large Language Model LLM. A code issue vulnerability exists in LangChain version 0.0.27, which stems from an unrestricted request address in the RequestsToolkit component that could lead to server-side reque...
LangChain < 0.0.27 SSRF
The version of LangChain installed on the remote host is prior to 0.0.27. It is, therefore, affected by a server-side request forgery SSRF vulnerability in the function loadlocal in the library libs/community/langchaincommunity/retrievers/tfidf.py of the component TFIDFRetriever. Note that Nessus...