LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents

Cybersecurity researchers have disclosed a now-patched security flaw in LangChain's LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts. The vulnerability, which carries a CVSS score of 8.8 out of a maximum of 10.0, has been codenamed AgentSmi...

PT-2024-32382 · Unknown · Computer Vision Annotation Tool

Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.19.0 Description: The issue allows an attacker to initiate API calls on behalf of a logged-in user if they can trick the user into visiting a maliciously-constructed URL. This gives the...

Cisco Smart Software Manager On-Prem 安全漏洞

Cisco Smart Software Manager On-Prem SSM On-Prem is a component of Cisco for Cisco product license management.An elevation of privilege vulnerability exists in previous versions of Cisco Smart Software Manager On-Prem 8-202206, which stems from insufficient protection of sensitive user informatio...

PT-2019-19913

Name of the Vulnerable Software and Affected Versions: WPGraphQL version 0.2.3 Description: An issue was discovered in the WPGraphQL plugin for WordPress, where an unauthenticated attacker can retrieve all WordPress users' details, including email address, role, and username, by querying the...