11 matches found
CVE-2026-48981
The CVE-2026-48981 issue affects pam_usb for Linux, where in versions prior to 0.9.2 the module loads its configuration via xmlReadFile() with flags=0. This allows libxml2 to process external entity references (XXE) during XML parsing, potentially causing outbound network connections or local fil...
LangChain Core < 1.2.22 Path Traversal (GHSA-qh6h-p6c9-ff54)
The version of LangChain Core installed on the remote host is prior to 1.2.22. It is, therefore, affected by a path traversal vulnerability: - Multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory...
CVE-2026-34070
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an...
PDFsam Enhanced Code Issue Vulnerability
PDFsam Enhanced is a PDF editing and management tool from PDFsam, Inc. A code issue vulnerability exists in PDFsam Enhanced that stems from an OpenSSL configuration that loads configuration files from insecure locations, potentially resulting in local elevation of privilege...
Siemens RUGGEDCOM ROX II Command Injection Vulnerability (CNVD-2026-00016)
Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from a command injection vulnerability that is caused by insufficient authentication during the installation and loading of certain configuration files. An attacker...
CVE-2024-56837
Siemens RUGGEDCOM ROX II family devices (ROX II) prior to v2.17.0 are affected by a code-injection vulnerability caused by insufficient validation during installation and loading of certain configuration files. Several sources document that an attacker could exploit this to spawn a reverse shell ...
Rapid7 AppSpider Pro Security Vulnerability
Rapid7 AppSpider Pro is a dynamic application security testing solution from Rapid7, Inc. that allows you to scan Web and mobile applications for vulnerabilities. A security vulnerability exists in Rapid7 AppSpider Pro versions prior to 7.5.021 that stems from an access control flaw in the...
Siemens Multiple Products Race Condition Vulnerability
Siemens RUGGEDCOM RST2428P and others are server communication devices from Siemens Canada. A race condition vulnerability exists in various Siemens products that could lead to the loading of an attacker-controlled configuration. The following...
The vulnerability of the D-Link DIR-850 router's firmware, related to errors during the loading of configuration files, allows a hacker to redirect users to any arbitrary URL address.
The vulnerability of the D-Link DIR-850 router's firmware is related to errors during the loading of configuration files. Exploiting this vulnerability can allow a malicious actor to redirect users to any desired URL address...
The vulnerability of the jw.util package, related to errors in checking the processed YAML files during configuration loading, allows an attacker to execute arbitrary operating system commands.
The vulnerability of the jw.util package is related to errors during the validation of YAML files processed when loading configuration files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the operating system...
Simiki <= v1.6.2.1 XSS + RCE
1.XSS Examples: python3 -m simiki.cli new -t "Hello S...