64 matches found
CVE-2026-46526
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...
CVE-2026-46526 Local Deep Research: SSRF bypass in `safe_get`
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...
Local Deep Research 代码问题漏洞
Local Deep Research is an AI search assistant developed by LearningCircuit. Versions of Local Deep Research prior to 1.6.10 contained code vulnerabilities. These vulnerabilities stemmed from defects in the URL checking logic, which could be exploited by attackers, leading to SSRF attacks...
PT-2026-44472
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validate url to validate the input URL. Th...
JLSEC-2026-469 An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM)...
An integer overflow leading to a heap-buffer overflow was found in The X Input Method XIM client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are...
Exploit for Deserialization of Untrusted Data in Roundcube Webmail
CVE-2025-49113 — Roundcube Post-Auth RCE via PHP Object Deseri...
CVE-2021-27186
Fluent Bit 1.6.10 has a NULL pointer dereference when an flbmalloc return value is not validated by flbavro.c or httpserver/api/v1/metrics.c...
EUVD-2019-19735
InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to proces...
CVE-2019-25464
InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to proces...
CVE-2019-25464
InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to proces...
CVE-2019-25464 InputMapper 1.6.10 Local Denial of Service via Username Field
InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to proces...
InputMapper 安全漏洞
InputMapper is a game controller input mapping software developed by InputMapper Inc. Version 1.6.10 of InputMapper contains a security vulnerability. This vulnerability stems from a buffer overflow in the user name field, which could allow local attackers to cause the application to crash...
CVE-2026-0735
The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tabcolorpickerlanguageswitch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-0745
The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation on the 'downloadlanguage' function. This makes it possible for authenticated attackers, with Administrator-level access and above, ...
WordPress plugin User Language Switch 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-8065
The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tab color picker language switch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress User Language Switch plugin <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'tabcolorpickerlanguageswitch' Parameter vulnerability discovered by 0x34rth in WordPress Plugin User Language Switch versions = 1.6.10...
EUVD-2024-30343
Malicious code in bioql PyPI...
EUVD-2025-3945
Malicious code in bioql PyPI...
EUVD-2025-24770
Malicious code in bioql PyPI...