3356 matches found
Google Go 安全漏洞
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google, Inc. A security vulnerability exists in Google Go that stems from the HostnameError.Error function in package crypto/x509 constructing an error string without limiting the number ...
USN-7902-1: CRaC JDK 25 vulnerabilities
Jinfeng Guo discovered that the Security component of CRaC JDK 25 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JA...
USN-7902-1 openjdk-25-crac vulnerabilities
Jinfeng Guo discovered that the Security component of CRaC JDK 25 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JA...
ROS-20251128-02
A vulnerability in OpenBao's secret management and encryption system is related to the fact that OpenBao's audit logs incorrectly edited fields when the corresponding subsystems sent byte response parameters rather than strings. strings. Exploitation of the vulnerability could allow an attacker...
USN-7891-1: rust-openssl vulnerabilities
Matt Mastracci discovered that rust-openssl was incorrectly handling server lifetimes in certain functions. An attacker could possibly use this issue to cause a denial of service or run arbitrary memory content to the client. CVE-2025-24898 It was discovered that rust-openssl was incorrectly...
PT-2025-48080
Name of the Vulnerable Software and Affected Versions OpenSearch versions prior to 3.2.0 Description A flaw exists in OpenSearch that enables attackers to trigger a Denial of Service DoS condition. This is achieved by providing complex query string inputs. Recommendations Update to version 3.2.0 ...
USN-7885-1: OpenJDK 21 vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 21 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JAX...
USN-7884-1: OpenJDK 25 vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 25 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JAX...
USN-7884-1 openjdk-25 vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 25 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JAX...
USN-7883-1: OpenJDK 17 vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 17 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JAX...
USN-7882-1 openjdk-lts vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 11 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JAX...
USN-7881-1: OpenJDK 8 vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 8 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JAXP...
CVE-2025-65106 LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This...
CVE-2025-65106 LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This...
CVE-2025-65106 LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This...
LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
Context A template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings not just template variables in ChatPromptTemplate...
GHSA-6QV9-48XG-FC7F LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
Context A template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings not just template variables in ChatPromptTemplate...
CVE-2025-64076
Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decodedefinitelongstring function of the C extension decoder source/decoder.c: 1 Integer Underflow Leading to Out-of-Bounds Read CWE-191, CWE-125: An incorrect variable reference and missing state reset in the chunk processing...
CVE-2025-64076
Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decodedefinitelongstring function of the C extension decoder source/decoder.c: 1 Integer Underflow Leading to Out-of-Bounds Read CWE-191, CWE-125: An incorrect variable reference and missing state reset in the chunk processing...
CVE-2025-64076
CVE-2025-64076 affects the cbor2 library (Python CBOR) via the C extension decode_definite_long_string() in source/decoder.c. The advisory describes two issues: (1) an integer underflow in chunk processing leads to out-of-bounds reads, potentially triggering resource exhaustion; (2) a missing Py_...