10 matches found

Vulnrichment
added 2026/04/07 2:50 p.m., 1 view

CVE-2026-35487 text-generation-webui has a Path Traversal in load_prompt() — .txt file read without authentication

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...

5.3 CVSS, 5.9 AI score, 0.00074 EPSS
Exploits: 0, References: 1
OSV
added 2026/03/27 7:45 p.m., 1 view

GHSA-QH6H-P6C9-FF54 LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions

Summary: Multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an application passes user-influenced prompt configurations to load_prompt or load_prompt_from_config...

7.5 CVSS, 6 AI score, 0.00035 EPSS
Exploits: 2, References: 5
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2023-0121

Malicious code in bioql PyPI...

9.8 CVSS, 9.2 AI score, 0.00166 EPSS
Exploits: 1, References: 8
RedhatCVE
added 2025/05/23 4:00 a.m., 6 views

CVE-2023-36281

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to subclasses or a template...

9.8 CVSS, 7.8 AI score, 0.62245 EPSS
Exploits: 2, References: 1
Github Security Blog
added 2023/08/22 9:30 p.m., 23 views

langchain vulnerable to arbitrary code execution

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to the load_prompt parameter. This is related to subclasses or a template...

9.8 CVSS, 9.7 AI score, 0.62245 EPSS
Exploits: 2, References: 8, Affected Software: 1
OSV
added 2023/08/22 7:16 p.m., 21 views

CVE-2023-36281

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to subclasses or a template...

9.8 CVSS, 8.1 AI score
Exploits: 0, References: 3
NVD
added 2023/08/22 7:16 p.m., 9 views

CVE-2023-36281

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to subclasses or a template...

9.8 CVSS, 9.6 AI score, 0.62245 EPSS
Exploits: 2, References: 3
Cvelist
added 2023/08/22 12:00 a.m., 13 views

CVE-2023-36281

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to subclasses or a template...

9.8 AI score, 0.62245 EPSS
Exploits: 2, References: 3
Veracode
added 2023/06/28 7:58 a.m., 20 views

Arbitrary Code Execution

langchain is vulnerable to Arbitrary Code Execution. The vulnerability exists because it does not properly validate the load_prompt method, which allows an attacker to execute malicious code on the system...

9.8 CVSS, 7.4 AI score, 0.00166 EPSS
Exploits: 1, References: 3, Affected Software: 1
Github Security Blog
added 2023/06/20 3:31 p.m., 42 views

Langchain vulnerable to arbitrary code execution

Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt...

9.8 CVSS, 7.5 AI score, 0.00166 EPSS
Exploits: 1, References: 7, Affected Software: 1