Tencent WeKnora 代码问题漏洞

Tencent WeKnora is a LLM-based framework developed by Tencent China. It features deep document understanding using the RAG paradigm, semantic retrieval, and context-aware answers. Versions of Tencent WeKnora prior to 0.3.0 contained code vulnerabilities. These vulnerabilities were caused by a DNS...

WeKnora 安全漏洞

WeKnora is an open-source framework based on LLM developed by Tencent. It features deep document understanding using the RAG paradigm, semantic retrieval, and context-aware answers. Prior to version 0.3.0, WeKnora had security vulnerabilities. These vulnerabilities were caused by tool name...

CVE-2025-62611 aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server

aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL...

MolecularFaces Cross-Site Scripting Vulnerability

MolecularFaces is a collection of reusable UI components for Java Server Faces JSF from the IPB Halle Institute. A security vulnerability exists in versions of MolecularFaces prior to 0.3.0 that stems from vulnerability to cross-site scripting attacks, which allow remote attackers to execute...

vrite Security Vulnerabilities

vrite is an open source collaborative space for creating, managing and deploying product documentation, technical blogs and knowledge bases from vrite, Inc. A security vulnerability exists in vrite versions prior to 0.3.0 that stems from the presence of a resource allocation error vulnerability...

SAMSUNG mTower 缓冲区错误漏洞

SAMSUNG mTower is a new Trusted Execution Environment TEE from Samsung South Korea. A security vulnerability exists in SAMSUNG mTower versions prior to 0.3.0, which stems from a buffer access in its TEEMACComputeFinal function with an incorrect length value vulnerability that allows a trusted...

CVE-2022-25298

This affects the package sprinfall/webcc before 0.3.0. It is possible to traverse directories to fetch arbitrary files from the server...

PT-2021-23079 · Unknown · In-Toto-Golang

Name of the Vulnerable Software and Affected Versions: in-toto-golang versions prior to 0.3.0 Description: The issue allows authenticated attackers posing as functionaries to create attestations that may bypass DISALLOW rules in the same layout. An attacker with access to trusted private keys may...

Rust 缓冲区错误漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. buffer overflow vulnerabilities exist in versions of Mozilla Rust prior to 0.3.0, stemming from the ticketedlock crate in Rust. there are unconditional Send implementations for ReadTicket and WriteTicket, which...

PYSEC-2020-93

A heap overflow in Sqreen PyMiniRacer aka Python Mini Racer before 0.3.0 allows remote attackers to potentially exploit heap corruption...

PYSEC-2019-116

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...