28 matches found
VeRL Permission and Access Control Vulnerability
VeRL is an open-source reinforcement learning framework developed by ByteDance, aimed at optimizing large model training and inference processes. Versions of VeRL prior to 0.7.0 contained vulnerabilities related to permission and access control. These vulnerabilities stemmed from a...
EUVD-2026-22188
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided U...
PT-2026-27310
Name of the Vulnerable Software and Affected Versions furnace versions prior to 0.7 Description An out-of-bounds read issue exists in the furnace software within the extern/libsndfile-modified/src modules when processing flac.C program files. Recommendations Update to a version of furnace at or...
CVE-2026-32096
Plunk (open-source email platform built on AWS SES) contains a Server-Side Request Forgery (SSRF) in the SNS webhook handler prior to version 0.7.0. An unauthenticated attacker could craft a request that forced the server to perform an outbound HTTP GET to any host reachable from the server. The ...
EUVD-2025-205723
Cross-Site Request Forgery CSRF vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through = 6.0.7...
DB-GPT SQL Injection Vulnerability
DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A security vulnerability exists in DB-GPT version 0.7.0, which stems from editorsqlrun and queryex being susceptible to SQL injection attacks that could lead to the execution of arbitrary...
FreeCoAP Security Vulnerability
FreeCoAP is a C implementation of the CoAP server, client, and HTTP/CoAP proxy by Keith Cullen, a private developer. A security vulnerability exists in FreeCoAP version 0.7, which stems from a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code or cause a...
AZL-42928 CVE-2024-6104 affecting package prometheus for versions less than 2.37.0-14
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
LlamaIndex Injection Vulnerability
LlamaIndex is a data framework for LLM applications by the individual developer Jerry Liu. A security vulnerability exists in LlamaIndex version v.0.7.13, which can be exploited to execute arbitrary code via the exec parameter in the PandasQueryEngine function...
Nginx Code Issue Vulnerability
Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from the US-based Nginx Corporation. A security vulnerability exists in Nginx NJS version v0.7.5 that stems from a segmentation violation where the JUMP offset of the interrupt directive is not set to the...
Wasmtime Resource Management Error Vulnerability
Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. A resource management error vulnerability exists in the code generator Cranelift in Wasmtime version 0.37.0, which stems from the fact that its developers may incorrectly be missing...
CVE-2022-2111
Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2...
CVE-2022-27496
Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-38320
The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0...
PT-2021-7814 · Xmill · Xmill
Name of the Vulnerable Software and Affected Versions: Xmill version 0.7 Description: A memory corruption issue exists in the XML-parsing CreateLabelOrAttrib functionality. This can be triggered by a specially crafted XML file, leading to a heap buffer overflow. An attacker can exploit this by...
PDF2JSON Buffer Error Vulnerability
PDF2JSON is a conversion library based on XPDF 3.02 that can be used to convert PDF pages page by page to JSON and XML formats. A security vulnerability exists in the XRef::fetch function in PDF2JSON version 0.70. An attacker could exploit this vulnerability to cause a denial of service...
Anchore Engine Command Execution Vulnerability
Anchore Engine is an open source service from US-based Anchore that analyzes Docker images and applies user-defined acceptance policies to allow automated container image validation and authentication. A security vulnerability exists in Anchore Engine version 0.7.0. An attacker can exploit the...
odata4j sql injection vulnerability
odata4j is a new open source toolkit. A SQL injection vulnerability exists in odata4j version 0.7.0. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit the vulnerability to execute illegal SQL commands...
odata4j sql injection vulnerability (CNVD-2020-24024)
odata4j is a new open source toolkit. A SQL injection vulnerability exists in odata4j version 0.7.0. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit the vulnerability to execute illegal SQL commands...
samurai heap buffer overflow vulnerability
samurai is a ninja-compatible build tool written in C. It can be used in a variety of ways, including. A buffer overflow vulnerability exists in the 'canonpath' function of the util.c file in samurai version 0.7. The vulnerability stems from a networked system or product performing operations in...