PT-2026-28599

Name of the Vulnerable Software and Affected Versions LangChain versions prior to 1.2.22 Description Multiple functions within langchain core.prompts.loading read files from paths embedded in deserialized configuration dictionaries without validating against absolute path injection or directory...

CVE-2025-57403

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...

EUVD-2025-205449

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...

CVE-2025-57403

Cola Dnslog v1.3.2 is affected by a Directory Traversal vulnerability in the DNS TXT query handling. The root cause is the application concatenating the requested URL (or a portion) with a base path via os.path.join, allowing directory traversal or absolute path injection and potentially exposing...

CVE-2021-30173

CVE-2021-30173 involves a Local File Inclusion vulnerability in the omni-directional communication system (Jun-He/Junghee/Junghee-type Total Communication System). The issue arises when an authenticated attacker injects an absolute path into the Url parameter, enabling access to arbitrary files o...