2 matches found
EUVD-2026-21692
A Cross-site Scripting XSS vulnerability was identified in the fromdict method of the AppLollmsMessage class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the content field when deserializing user-provided data. This allows a...
glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory
A flaw was found in dict.c:dictunserialize function of glusterfs, dicunserialize function does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value...