7 matches found
EUVD-2026-28647
Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an...
langfuse 访问控制错误漏洞
Langfuse is an open-source large language model engineering platform developed by Langfuse. Versions 3.68.0 to 3.167.0 contained a access control vulnerability. This vulnerability stemmed from a role-based access control flaw in the LLM connection update process. It could allow low-privilege user...
CVE-2023-54280
In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...
PT-2025-6973 · Unknown +2 · Oauthimap Plugin +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.0 through 10.0.17 Description: The issue allows unauthorized access to GLPI when a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, leveraging existing Oauth...
Heap-based Buffer Overflow
libzephyr.so is vulnerable to a Heap-based Buffer Overflow. The vulnerability is due to inadequate validation of buffer lengths in BLE connection update operations, which could lead to a divide by zero condition...
CVE-2024-4785
BT: Missing Check in LLCONNECTIONUPDATEIND Packet Leads to Division by Zero...
CVE-2023-2683 Connection update while closing connection may lead to denial-of-service
A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error...