EUVD-2025-32198
Malicious code in bioql PyPI...
EUVD-2025-32014
Malicious code in bioql PyPI...
CVE-2025-59835 LangBot has a cross-directory file upload vulnerability, which could lead to system takeover
LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the...
LangBot code issue vulnerability
LangBot is an open-source instant messaging bot development platform for large models. A code issue vulnerability exists in LangBot versions 4.1.0 through 4.3.5, which stems from the /api/v1/files/documents interface not strictly limiting the server file storage directory, which could lead t...
CVE-2025-59686
Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id...
PT-2025-40252
Name of the Vulnerable Software and Affected Versions: Kazaar version 1.25.12. Description: The software allows calls to /api/v1/org-id/orders/order-id/documents with a modified order-id. This could potentially lead to unauthorized access or manipulation of data. Recommendations: Apply any available...
PYSEC-2019-174
Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/...