
40 matches found

CNNVD
added 2026/04/24 12:00 a.m. | 6 views

LangChain Code Issue Vulnerability

LangChain is an open-source framework developed by LangChain for creating applications powered by large language models (LLMs). Versions of LangChain prior to 1.1.14 contained code vulnerabilities. These vulnerabilities stemmed from the urltosize helper function in langchain-openai, which, after...

CVSS: 3.1 | AI score: 5.8 | EPSS: 0.00026
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 2:59 p.m. | 2 views

CVE-2026-31889

Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based...

CVSS: 8.9 | AI score: 5.8 | EPSS: 0.00094
Exploits: 0 | References: 1
GitLab Advisory Database
added 2026/03/25 12:00 a.m. | 3 views

Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

The v4_is_invalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED (0.0.0.0). An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 (GHSA-7723-35v7-qcxw), and reac...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00023
Exploits: 2 | References: 6 | Affected Software: 1
OSV
added 2026/03/11 7:24 p.m. | 4 views

GHSA-C4P7-RWRG-PF6P Shopware vulnerable to a potential take over of app credentials

Summary: We identified and fixed a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. By abusing app re‑registration, an attacker could redirect app traffic to an...

CVSS: 8.9 | AI score: 5.8 | EPSS: 0.00094
Exploits: 0 | References: 3
CVE
added 2026/01/07 7:56 p.m. | 11 views

CVE-2025-61939

CVE-2025-61939 concerns Columbia Weather Systems MicroServer. An unused function can initiate a reverse SSH connection to a vendor-registered domain without mutual authentication. An attacker on a local network with admin access to the MicroServer web portal and the ability to manipulate DNS resp...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00039
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-1018

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00272
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-9264

Malware in sbrugna...

CVSS: 10 | AI score: 9.5 | EPSS: 0.00206
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 0 views

EUVD-2024-2518

Malicious code in bioql PyPI...

CVSS: 3.1 | AI score: 8.3 | EPSS: 0.0008
Exploits: 0 | References: 4
Broadcom
added 2024/11/02 12:00 a.m. | 19 views

By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container (CVE-2024-29018)

github.com/docker/docker/libnetwork is a package that provides a native Go implementation for connecting containers. Affected versions of this package are vulnerable to Improper Control of a Resource Through its Lifetime, allowing DNS requests from internal networks to be forwarded to an external...

CVSS: 5.9 | AI score: 6 | EPSS: 0.00357
Exploits: 0
NVD
added 2024/08/21 4:15 p.m. | 12 views

CVE-2024-43411

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 and above. In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on...

CVSS: 3.1 | EPSS: 0.0008
Exploits: 0 | References: 2
The Hacker News
added 2024/07/31 2:13 p.m. | 27 views

DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight

Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificate...

AI score: 7.2
Exploits: 0
CISA
added 2024/07/30 12:00 p.m. | 4 views

DigiCert Certificate Revocations

Update 9:00 a.m., EDT, July 31, 2024: DigiCert has provided updated information and revocation timelines which can be found by visiting: https://status.digicert.com/. CISA encourages customers to contact DigiCert if unable to reissue/rekey certificates by the updated revocation...

AI score: 6.8
Exploits: 0 | References: 3
Mageia
added 2024/06/24 7:04 p.m. | 70 views

Updated python-werkzeug packages fix security vulnerability

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...

CVSS: 7.5 | AI score: 7 | EPSS: 0.4365
Exploits: 0 | References: 3
OSV
added 2023/03/21 1:15 p.m. | 1 views

DEBIAN-CVE-2022-42333

x86/HVM pinned cache attributes mis-handling. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cacheability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...

CVSS: 8.6 | AI score: 7.1 | EPSS: 0.00429
Exploits: 0 | References: 1
SUSE CVE
added 2023/02/15 5:20 a.m. | 1 views

SUSE CVE-2015-2751

Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.01427
Exploits: 0 | References: 10
OpenVAS
added 2022/07/28 12:00 a.m. | 25 views

Samba Privilege Escalation Vulnerability (CVE-2022-32744)

Samba is prone to a privilege escalation vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you c...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.00516
Exploits: 0 | References: 1
CNVD
added 2022/06/20 12:00 a.m. | 15 views

Microsoft DFSCoerce Domain Control Privilege Vulnerability

Windows Server is a server operating system for Windows introduced by Microsoft on April 24, 2003, with the Microsoft Windows Server System (WSS) at its core. Microsoft DFSCoerce has a domain control privilege exploit, which can be exploited by an attacker to request the certificate of a domain...

AI score: 7.3
Exploits: 0 | References: 1
RedHat Linux
added 2022/06/15 8:39 a.m. | 3 views

dotnet: NuGet Credential leak due to loss of control of third party symbol server domain

.NET and Visual Studio Information Disclosure Vulnerability...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00782
Exploits: 0 | References: 6
Veracode
added 2022/03/03 6:30 a.m. | 5 views

Insecure Cookies

scrapy is using insecure cookies. The vulnerability exists in cookie.py because the cookie-setting is not restricted based on the public suffix list which allows an attacker to inject cookies from a controlled domain...

AI score: 3
Exploits: 0
Packet Storm
added 2022/01/25 12:00 a.m. | 313 views

H2 Database Console Remote Code Execution

Document Title: Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description: The H2 Console Application. The Console lets you access a SQL database using a browser interface. Homepage: http://www.h2database.com/html/quickstart.html Affecte...

AI score: 0.1 | EPSS: 0.26568
Exploits: 4