Text Generation Web UI 安全漏洞

Text Generation Web UI is a local AI UI interface developed by oobabooga’s individual developers. Versions of Text Generation Web UI prior to 4.3 contained security vulnerabilities. These vulnerabilities stemmed from an unauthenticated path traversal vulnerability in the loadgrammar function, whi...

CVE-2026-35441

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus' GraphQL endpoints /graphql and /graphql/system did not deduplicate resolver invocations within a single request. An authenticated user could exploit GraphQL aliasing to repeat an expensive...

CVE-2026-34755

A flaw was found in vLLM, an inference and serving engine for large language models. A remote attacker can exploit a vulnerability in the VideoMediaIO.loadbase64 method by sending a single API request containing a large number of comma-separated base64-encoded JPEG frames. This bypasses the...

PYSEC-2026-71

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

CVE-2026-35167 Kedro has a path traversal in versioned dataset loading via unsanitized version string

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

CVE-2026-35167

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

EUVD-2026-19235

A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.setstate of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been mad...

EUVD-2026-19250

A double free vulnerability exists in librz/bin/format/le/le.c in the function leloadfixuprecord. When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the...

CVE-2026-5659

A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.setstate of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been mad...

CVE-2026-5659 pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization

A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.setstate of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been mad...

CVE-2026-5659 pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization

A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.setstate of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been mad...

PT-2026-30602

A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie. setstate of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been ma...

Directory Traversal

Overview griptape is a Modular Python framework for LLM workflows, tools, memory, and data. Affected versions of this package are vulnerable to Directory Traversal the LocalFileManagerDriver file path resolution in griptape/drivers/filemanager/localfilemanagerdriver.py. An attacker can read, list...

CVE-2026-5595

The CVE-2026-5595 entry affects griptape-ai griptape 0.19.4, specifically the FileManagerTool functions load_files_from_disk, list_files_from_disk, save_content_to_file, and save_memory_artifacts_to_disk, with a path traversal flaw. The issue can be exploited remotely and the exploit has been pub...

EUVD-2026-19061

A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the attack is possible...

CVE-2026-5556

A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the attack is possible...

SUSE CVE-2026-3308

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...

SUSE CVE-2026-5313

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbigifloadnext in the library stbimage.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and ma...

CVE-2026-5476

A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFETBLValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfetblpassthrucodec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told to b...

EUVD-2026-18814

A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFETBLValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfetblpassthrucodec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The exploitability is told to b...