21 matches found
CVE-2026-48776 LangGraph SDK has unsafe URL path construction
LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request paths for resource...
CVE-2026-23967
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a...
CVE-2026-23966
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...
CVE-2026-23966 sm-crypto Affected by Private Key Recovery in SM2-PKE
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...
CVE-2026-23966
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...
CVE-2026-23966
CVE-2026-23966 (sm-crypto) affects the JavaScript library implementing SM2/SM3/SM4. The vulnerability resides in the SM2 decryption logic, where an attacker can recover the private key by repeatedly invoking the SM2 decryption interface. The issue exists in versions prior to 0.3.14; version 0.3.1...
CVE-2026-23966 sm-crypto Affected by Private Key Recovery in SM2-PKE
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...
CVE-2026-23967 sm-crypto Affected by Signature Malleability in SM2-DSA
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a...
Ollama 安全漏洞
Ollama is an Ollama open source large-scale language model that can be started and run locally. A security vulnerability exists in Ollama version 0.3.14 and earlier, which stems from the fact that uploading a custom GGUF model file may cause the server to allocate unlimited memory, leading to a...
Ollama 缓冲区错误漏洞
Ollama is a large language model that can be started and run locally from the Ollama open source. A buffer error vulnerability exists in Ollama versions 0.3.14 and earlier, which originates from an out-of-bounds read in the gguf.go file and could lead to a denial of service attack...
Ollama 代码问题漏洞
Ollama is a large language model that can be started and run locally from the Ollama open source. A code issue vulnerability exists in Ollama version 0.3.14 and earlier, which stems from unchecked null pointer dereferences and could lead to a denial of service attack...
Ollama 数字错误漏洞
Ollama is a large language model that can be started and run locally from the Ollama open source. A numeric error vulnerability exists in Ollama version 0.3.14 and earlier, which stems from a divide-by-zero error in the ggufPadding function, and could lead to a server crash and denial-of-service...
PT-2025-12311 · Ollama · Ollama
Name of the Vulnerable Software and Affected Versions: ollama/ollama versions 0.3.14 and earlier Description: A malicious user can create a customized GGUF model file, upload it to the Ollama server, and create it, causing the server to allocate unlimited memory. This leads to a Denial of Service...
SUSE CVE-2024-39719
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the...
CVE-2020-24331 affecting package trousers for versions less than 0.3.14-7
CVE-2020-24331 affecting package trousers for versions less than 0.3.14-7. A patched version of the package is available...
PT-2021-22568 · Gnome +8 · Gnome Grilo +8
Name of the Vulnerable Software and Affected Versions: GNOME grilo versions prior to 0.3.14 Description: The issue is related to the lack of TLS certificate verification in the SoupSessionAsync objects created by grl-net-wc.c, making users susceptible to network man-in-the-middle MITM attacks...
CVE-2020-24330 affecting package trousers 0.3.14-7
CVE-2020-24330 affecting package trousers 0.3.14-7. A patched version of the package is available...
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user it fails to drop the root gid privilege when no longer needed.
...
AZL-6925 CVE-2020-24330 affecting package trousers for versions less than 0.3.14-7
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed...
PT-2020-15683 · Trousers +6 · Trousers +6
Name of the Vulnerable Software and Affected Versions: TrouSerS versions prior to 0.3.14 Description: An issue was discovered where the tss user still has read and write access to the /etc/tcsd.conf file, which contains various settings related to the tcsd daemon, if the daemon is started with ro...