
1080 matches found

vulnersOsv
added 2025/07/07 10:44 a.m. · 1 view

airunner (>=3.0.0 <=3.1.14), llama-index-packs-arize-phoenix-query-engine (>=0.0.2 <=0.1.4) +2 more potentially affected by CVE-2025-3225 via llama-index-readers-web (>=0.0.1 <=0.3.5)

llama-index-readers-web PYPI version =0.0.1, =3.0.0, =0.0.2, =0.1.0, =0.1.0, =0.2.8 Source cves: CVE-2025-3225 Source advisory: SNYK:PYTHON-LLAMAINDEXREADERSWEB-10645574...

CVSS 7.5 · AI score 7 · EPSS 0.00415
Exploits 1
RedhatCVE
added 2025/07/06 2:18 a.m. · 14 views

CVE-2025-6787

The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartdocssearch' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 6.4 · AI score 5.5 · EPSS 0.0021
Exploits 0 · References 1
NVD
added 2025/07/04 3:15 a.m. · 7 views

CVE-2025-6787

The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartdocssearch' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 6.4 · EPSS 0.0021
Exploits 0 · References 3
OSV
added 2025/07/04 3:15 a.m. · 2 views

CVE-2025-6787

The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartdocssearch' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 5.4 · AI score 6 · EPSS 0.0021
Exploits 0 · References 2
Vulnrichment
added 2025/07/04 1:44 a.m. · 3 views

CVE-2025-6787 Smart Docs <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartdocssearch' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 6.4 · AI score 5.9 · EPSS 0.0021
Exploits 0 · References 3
CVE
added 2025/07/04 1:44 a.m. · 34 views

CVE-2025-6787

CVE-2025-6787 affects WordPress Smart Docs plugin: stored XSS via the smartdocs_search shortcode due to insufficient input sanitization/output escaping. Affected versions are up to 1.1.0. Exploitation requires at least contributor-level authentication and can inject scripts executed when users vi...

CVSS 6.4 · AI score 5.5 · EPSS 0.0021
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2025/07/04 1:44 a.m. · 10 views

CVE-2025-6787 Smart Docs <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartdocssearch' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVSS 6.4 · EPSS 0.0021
Exploits 0 · References 3
CNNVD
added 2025/07/04 12:0 a.m. · 2 views

WordPress plugin Smart Docs cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVSS 6.4 · AI score 5.7 · EPSS 0.0021
Exploits 0 · References 3
Positive Technologies
added 2025/07/04 12:0 a.m. · 4 views

PT-2025-27854 · WordPress · Smart Docs

Name of the Vulnerable Software and Affected Versions: Smart Docs plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'smartdocs search' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 5.5 · EPSS 0.0021
Exploits 0 · References 6
Patchstack
added 2025/07/03 11:21 p.m. · 5 views

WordPress Smart Docs plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Smart Docs versions <= 1.1.0...

CVSS 6.4 · AI score 5.5 · EPSS 0.0021
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2025/07/02 12:0 a.m. · 2 views

Wikimedia Mediawiki - MintyDocs Extension security vulnerability

Wikimedia Mediawiki - MintyDocs Extension is a document creation and management extension from the Wikimedia Foundation. A security vulnerability exists in Wikimedia Mediawiki - MintyDocs Extension that stems from improper input neutralization and could lead to a stored cross-site scripting attac...

CVSS 3.7 · AI score 5.8 · EPSS 0.00239
Exploits 0 · References 2
OpenVAS
added 2025/06/30 12:0 a.m. · 5 views

Fedora: Security Advisory (FEDORA-2025-47cf891973)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.5 · EPSS 0.00474
Exploits 1 · References 2
OSV
added 2025/06/29 9:30 a.m. · 3 views

GHSA-QMGV-J263-QR33 Langchain-Chatchat has a Path Traversal vulnerability

A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function uploadtempdocs of the file /knowledgebase/uploadtempdocs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to...

CVSS 6.3 · AI score 7 · EPSS 0.00482
Exploits 1 · References 6
Github Security Blog
added 2025/06/29 9:30 a.m. · 5 views

Langchain-Chatchat has a Path Traversal vulnerability

A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function uploadtempdocs of the file /knowledgebase/uploadtempdocs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to...

CVSS 9.8 · AI score 7 · EPSS 0.00482
Exploits 1 · References 6 · Affected Software 1
Snyk
added 2025/06/29 9:30 a.m. · 3 views

Directory Traversal

Overview langchain-chatchat is a Langchain-Chatchat formerly langchain-ChatGLM, local knowledge based LLM like ChatGLM, Qwen and Llama RAG and Agent app with langchain Affected versions of this package are vulnerable to Directory Traversal via the parsefile function in the...

CVSS 9.8 · AI score 7 · EPSS 0.00482
Exploits 1 · References 2
RedhatCVE
added 2025/06/29 6:7 a.m. · 6 views

CVE-2025-5526

The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged in user to view and download files belonging to another user...

CVSS 4.3 · AI score 6.3 · EPSS 0.00219
Exploits 1 · References 1
CNNVD
added 2025/06/29 12:0 a.m. · 3 views

LangChain-Chatchat path traversal vulnerability

LangChain-Chatchat is a Chatchat-Space open source chatbot software developed based on the LangChain framework. A path traversal vulnerability exists in LangChain-Chatchat 0.3.1 and earlier versions, which stems from path traversal due to incorrect manipulation of the parameter flag in the file...

CVSS 9.8 · AI score 6.2 · EPSS 0.00482
Exploits 1 · References 5
Positive Technologies
added 2025/06/29 12:0 a.m. · 5 views

PT-2025-27354 · Unknown · Langchain-Chatchat

Name of the Vulnerable Software and Affected Versions: Langchain-Chatchat versions up to 0.3.1 Description: A critical vulnerability has been found in Langchain-Chatchat, affecting the upload temp docs function of the /knowledge base/upload temp docs file in the Backend component. The manipulatio...

CVSS 6.5 · AI score 7.1 · EPSS 0.00482
Exploits 1 · References 9
Tenable Nessus
added 2025/06/28 12:0 a.m. · 5 views

Fedora 41 : python3-docs / python3.13 (2025-098fa1945a)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-098fa1945a advisory. Update to 3.13.5, this release fixes the following CVEs: CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, CVE-2025-4435, and CVE 2025-4517 Tenable has extracted...

CVSS 7.5 · AI score 6.7 · EPSS 0.00474
Exploits 1 · References 2
Patchstack
added 2025/06/27 7:14 a.m. · 6 views

WordPress BuddyPress Docs plugin < 2.2.5 - Subscriber+ Arbitrary Document Read/Update vulnerability

Subscriber+ Arbitrary Document Read/Update vulnerability discovered by Terrence Bosco, Alexus Bosco, Andrew Risorto in WordPress Plugin BuddyPress Docs versions < 2.2.5...

CVSS 4.3 · AI score 6.7 · EPSS 0.00219
Exploits 1 · References 1 · Affected Software 1