543 matches found
CVE-2026-6587 vibrantlabsai RAGAS Collections util.py _try_process_url server-side request forgery
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...
ragas 安全漏洞
Ragas is an open-source toolkit developed by Vibrant Labs for optimizing and evaluating large language models. Versions of Ragas 0.4.3 and earlier contained a security vulnerability. This vulnerability stemmed from improper handling of the parameter retrievedcontexts in the...
PT-2026-33656
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function try process local file/ try process url of the file src/ragas/metrics/collections/multi modal faithfulness/util.py of the component Collections Module. Performing a manipulation of the...
Swiss-Bench 003: Evaluating LLM Reliability and Adversarial Security for Swiss Regulatory Contexts
The deployment of large language models LLMs in Swiss financial and regulatory contexts demands empirical evidence of both production reliability and adversarial security, dimensions not jointly operationalized in existing Swiss-focused evaluation frameworks. This paper introduces Swiss-Bench 003...
Linux Distros Unpatched Vulnerability : CVE-2026-34877
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures...
CLSA-2026-1775212043 opencryptoki: Fix of CVE-2026-23893
CVE-2026-23893: fix symlink-following vulnerabilities in privileged contexts...
EUVD-2026-18394
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...
DEBIAN-CVE-2026-34877
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...
CVE-2026-34877
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...
PT-2026-29820
Name of the Vulnerable Software and Affected Versions Mbed TLS versions 2.19.0 through 3.6.5, Mbed TLS version 4.0.0 Description A flaw exists in Mbed TLS that, due to insufficient protection of serialized SSL context or session structures, could allow an attacker who can modify these structures ...
Mbed TLS 安全漏洞
Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed TLS. Mbed TLS versions 3.6.5 and earlier, as well as version 4.0.0, have security vulnerabilities. These vulnerabilities stem from insufficient protection for serialized SSL contexts or session...
CVE-2026-34877
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...
CLSA-2026-1774952276 opencryptoki: Fix of CVE-2026-23893
CVE-2026-23893: fix symlink-following vulnerabilities in privileged contexts...
Cross-site Scripting (XSS)
Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS when sanitized HTML is reinserted into a new parsing context using innerHTML and special wrappers such as script, xmp, iframe,...
EUVD-2026-16250
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...
SUSE CVE-2026-23919
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
SUSE CVE-2026-28406
kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using filepath.Joindest, cleanedName without enforcing that the final path stays within dest. A ta...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the blkaddTrace function using the thiscpu operation within preemptible contexts, potentially leading t...
EUVD-2026-14950
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
CVE-2026-23919
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...