EUVD-2019-17091
Malware in sbrugna...
Unity Linux 20.1070e Security Update: yasm (UTSA-2025-984690)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984690 advisory. yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c. Tenable has extracted the preceding...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-984806)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984806 advisory. In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section. When building with CONFIG_XEN_PV=y, .text symbols...
Unity Linux 20.1070e Security Update: libtiff (UTSA-2025-680607)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680607 advisory. LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For...
LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing
The HTMLSectionSplitter class in langchain-text-splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse and lxml.etree.XSLT without any...
CVE-2025-6985
The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse and lxml.etree.XSL...
CVE-2025-6985 XXE Vulnerability in langchain-ai/langchain
The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse and lxml.etree.XSL...
CVE-2025-6985
The CVE-2025-6985 entry concerns LangChain Text Splitters (langchain-text-splitters) v0.3.8, with an XML External Entity (XXE) risk due to unsafe XSLT parsing. The connected docs explain that arbitrary XSLT stylesheets are parsed using lxml.etree.parse() and lxml.etree.XSLT() without hardening, a...
CVE-2025-8669
The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This makes it possible for unauthenticated attackers to reset theme customization settings via a forged...
EUVD-2025-28061
Malicious code in bioql PyPI...
EUVD-2025-5405
Malicious code in bioql PyPI...
EUVD-2025-30898
Malicious code in bioql PyPI...
EUVD-2025-19793
Malicious code in bioql PyPI...
EUVD-2023-56022
Malicious code in bioql PyPI...
EUVD-2025-31443
Malicious code in bioql PyPI...
EUVD-2023-56033
Malicious code in bioql PyPI...
EUVD-2024-33714
Malicious code in bioql PyPI...
EUVD-2024-19715
Malicious code in bioql PyPI...
EUVD-2023-28079
Malicious code in bioql PyPI...
EUVD-2022-39415
Malicious code in bioql PyPI...