11 matches found

CNNVD
added 2026/04/29 12:0 a.m. · 3 views

Hermes Agent path traversal vulnerability

Hermes Agent is an AI agent tool developed by Nous Research, featuring self-learning capabilities. Version 0.8.0 of Hermes Agent contains a path traversal vulnerability. This vulnerability stems from improper handling of unknown functions in the file gateway/platforms/wecom.py, which may lead to...

6.9 CVSS · 6 AI score · 0.00069 EPSS
Exploits 0 · References 1
CNNVD
added 2026/04/13 12:0 a.m. · 1 views

CC Switch security vulnerability

CC Switch is a multi-model command-line tool manager developed by Jason Young. Versions of CC Switch 3.12.3 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of unknown functions in the ProxyServer component’s file src-tauri/src/proxy/server.rs...

6.5 CVSS · 6.6 AI score · 0.00009 EPSS
Exploits 0 · References 7
CNNVD
added 2026/01/23 12:0 a.m. · 2 views

Langflow code injection vulnerability

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a code injection vulnerability, which arises from the possibility of introducing custom code when handling Python function components. This vulnerability may lead t...

7.1 CVSS · 7.4 AI score · 0.00239 EPSS
Exploits 1 · References 1
CNNVD
added 2025/09/04 12:0 a.m. · 1 views

TOTOLINK N600R command injection vulnerability

The TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, supporting concurrent operation in the 2.4GHz and 5GHz bands with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a command injection vulnerability that originates from...

9.8 CVSS · 7.5 AI score · 0.02075 EPSS
Exploits 1 · References 5
Positive Technologies
added 2024/05/05 12:0 a.m. · 3 views

PT-2024-25942 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 4.13
Description: The issue arises from the Component Server in Gradio not properly considering is server fn for functions. This can lead to security risks if function calls do not take is server fn into account...

6.5 CVSS · 7.3 AI score
Exploits 2 · References 10
CNNVD
added 2022/08/09 12:0 a.m. · 0 views

deepmerge-ts security vulnerability

deepmerge-ts is an npm package. It is used to deep merge 2 or more objects with respect to type information. A security vulnerability exists in versions of deepmerge-ts prior to 2.0.2, which stems from the lack of handling of merge functions and is susceptible to prototype pollution...

9.8 CVSS · 8.2 AI score · 0.00202 EPSS
Exploits 1 · References 4
RedHat Linux
added 2022/05/31 12:20 p.m. · 1 views

mariadb: save_window_function_values triggers an abort during IN subquery

save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery...

5.5 CVSS · 7.4 AI score · 0.00083 EPSS
Exploits 1 · References 4
Check Point Advisories
added 2021/06/08 12:0 a.m. · 2 views

Adobe Acrobat Reader DC Path Join Out of Bounds Read (APSB21-37: CVE-2021-28554)

An out of bounds read vulnerability has been reported in Adobe Acrobat Reader DC. The vulnerability is due to improper handling of relative paths in calls to the app.openDoc JavaScript function...

6.8 CVSS · 0.6 AI score · 0.27353 EPSS
Exploits 0
Tenable Nessus
added 2018/04/17 12:0 a.m. · 43 views

Ubuntu 14.04 LTS / 16.04 LTS : Perl vulnerabilities (USN-3625-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3625-1 advisory. It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang,...

9.8 CVSS · 7.5 AI score · 0.1399 EPSS
Exploits 1 · References 7
securityvulns
added 2003/06/21 12:0 a.m. · 33 views

[Full-Disclosure] GNATS (The GNU bug-tracking system) multiple buffer overflow vulnerabilities.

INetCop Security Advisory 2003-0x82-018
Title: GNATS The GNU bug-tracking system multiple buffer overflow vulnerabilities.
0x01. Description
About: GNATS is a portable incident/bug report/help request-tracking syste...

7.2 AI score
Exploits 0
Microsoft Security Update
added 1970/01/01 12:0 a.m. · 76 views

Security Update for SQL Server 2017 RTM GDR (KB4505224)

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions. An attacker who successfully exploited this vulnerability could execute code in the context of the SQL Server Database Engine service account. To exploit the...

7.8 AI score
Exploits 0