5 matches found
CVE-2026-34070
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchaincore.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an...
CVE-2026-34070 LangChain Core has Path Traversal vulnerabilites in legacy `load_prompt` functions
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchaincore.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an...
PT-2026-28599
Name of the Vulnerable Software and Affected Versions LangChain versions prior to 1.2.22 Description Multiple functions within langchain core.prompts.loading read files from paths embedded in deserialized configuration dictionaries without validating against absolute path injection or directory...
Security Bulletin: A security vulnerability has been identified in Tivoli Netcool/OMNIbus WebGUI shipped with IBM Operations Analytics Predictive Insights (CVE-2020-4196)
Summary Tivoli Netcool/OMNIbus WebGUI is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting Tivoli Netcool/OMNIbus WebGUI has been published in a security bulletin. Vulnerability Details Refer to the security bulletinss...
Security Bulletin: Cross-Site Scripting (XSS) vulnerability have been identified on Tool Prompt Configuration page of Tivoli Netcool/OMNIbus WebGUI (CVE-2020-4196)
Summary Fix is available for vulnerability in Cross-Site Scripting XSS affecting Tivoli Netcool/OMNIbus WebGUI Tool Prompt Configuration page CVE-2020-4196. Vulnerability Details CVEID: CVE-2020-4196 DESCRIPTION: IBM Tivoli Netcool/OMNIbusGUI is vulnerable to cross-site scripting. This...