17 matches found

CNNVD
added 2026/05/26 12:00 a.m. · 6 views

LangChain code issue vulnerability

LangChain is an open-source framework developed by LangChain for creating applications powered by large language models (LLMs). Versions of LangChain prior to 0.3.85 and 1.3.3 contained code vulnerabilities. These vulnerabilities stemmed from the use of an overly broad object white-list for...

8.2 CVSS · 5.9 AI score · 0.00045 EPSS
Exploits 0 · References 1
OSV
added 2026/04/27 6:33 p.m. · 3 views

JLSEC-2026-254 Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values...

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

4.3 CVSS · 6.6 AI score · 0.00908 EPSS
Exploits 0 · References 16
Cvelist
added 2026/03/15 1:35 p.m. · 21 views

CVE-2016-20027 ZKTeco ZKBioSecurity 3.0 Multiple Reflected XSS Vulnerabilities

ZKTeco ZKBioSecurity 3.0 contains multiple reflected cross-site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary HTML and script code by injecting malicious payloads through unsanitized parameters in multiple scripts. Attackers can craft malicious URLs with XSS payloads in...

6.1 CVSS · 0.00014 EPSS
Exploits 1 · References 5
RedhatCVE
added 2026/02/26 4:15 a.m. · 1 view

CVE-2026-27744

The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...

9.8 CVSS · 6.4 AI score · 0.00423 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/02/26 4:15 a.m. · 1 view

CVE-2026-27746

The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting (XSS) vulnerability in the pre_propre pipeline. The plugin incorporates untrusted request parameters into HTML output without proper output encoding, allowing attackers to inject arbitrary script content into pages...

6.1 CVSS · 5.2 AI score · 0.00045 EPSS
Exploits 0 · References 1
CVE
added 2026/02/25 3:07 a.m. · 19 views

CVE-2026-27746

The CVE-2026-27746 entry concerns the SPIP jeux plugin (versions prior to 4.1.1). Affected component: the pre_propre pipeline, where untrusted request parameters are inserted into HTML output without proper encoding. This results in a reflected XSS vulnerability: when a user visits a crafted URL,...

6.1 CVSS · 5.2 AI score · 0.00045 EPSS
Exploits 0 · References 5 · Affected Software 1
ATTACKERKB
added 2026/02/25 3:07 a.m. · 3 views

CVE-2026-27746

The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting (XSS) vulnerability in the pre_propre pipeline. The plugin incorporates untrusted request parameters into HTML output without proper output encoding, allowing attackers to inject arbitrary script content into pages...

6.1 CVSS · 5.2 AI score · 0.00045 EPSS
Exploits 0 · References 6
Positive Technologies
added 2026/02/25 12:00 a.m. · 3 views

PT-2026-21859

Name of the Vulnerable Software and Affected Versions: SPIP tickets plugin versions prior to 4.3.3. Description: The SPIP tickets plugin is affected by a remote code execution issue. An unauthenticated attacker can execute code on the web server through crafted content injection. The plugin appends...

9.8 CVSS · 6.6 AI score · 0.00423 EPSS
Exploits 0 · References 12
CNNVD
added 2026/02/25 12:00 a.m. · 4 views

SPIP security vulnerability

SPIP is an open-source software for creating Internet websites. Versions of SPIP prior to 4.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the pre_propre pipeline, which combined untrusted request parameters into HTML output, potentially allowing for reflection-ty...

6.1 CVSS · 5.7 AI score · 0.00045 EPSS
Exploits 0 · References 5
Veracode
added 2025/12/23 4:47 p.m. · 4 views

Deserialization Of Untrusted Data

Apache Causeway is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe Java deserialization of user-controllable URL parameters in ViewModel handling, which allows an authenticated attacker to execute arbitrary code with application privileges...

6.3 CVSS · 7.9 AI score · 0.01294 EPSS
Exploits 0 · References 4 · Affected Software 4
Veracode
added 2025/12/04 8:25 a.m. · 2 views

Cross-site Scripting

pyloadng is vulnerable to Cross-site Scripting. The vulnerability is due to unsafe handling of untrusted parameters in the Captcha and CNL endpoints, allowing attackers to inject malicious content or manipulate request processing, leading to Cross-site Scripting or other unintended behaviors...

8.1 CVSS · 6.7 AI score · 0.00067 EPSS
Exploits 0 · References 5 · Affected Software 1
SUSE CVE
added 2024/10/17 3:10 a.m. · 2 views

SUSE CVE-2024-9143

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

7 CVSS · 8.1 AI score · 0.00908 EPSS
Exploits 0 · References 4
RedHat Linux
added 2024/01/10 4:37 p.m. · 3 views

OpenSSL: Excessive time spent checking DH q parameter value

A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check, DH_check_ex, or EVP_PKEY_param_check functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an...

5.3 CVSS · 6.6 AI score · 0.00351 EPSS
Exploits 0 · References 5
OSV
added 2023/11/06 4:15 p.m. · 2 views

DEBIAN-CVE-2023-5678

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the function DH_generate_key to generate an X9.42 DH key may experience long delays. Likewise, applications that use...

5.3 CVSS · 6.4 AI score · 0.00537 EPSS
Exploits 0 · References 1
Positive Technologies
added 2019/03/12 12:00 a.m. · 4 views

PT-2019-5894 · Python +8 · Urllib2 +10

Name of the Vulnerable Software and Affected Versions: Python versions 2.x through 2.7.16; Python versions 3.x through 3.7.3. Description: The issue is related to the urllib2 module in Python, which does not properly neutralize CRLF sequences. This allows for CRLF injection if an attacker controls ...

9.8 CVSS · 6.8 AI score · 0.93745 EPSS
Exploits 39 · References 432
OSV
added 2017/12/12 7:29 p.m. · 3 views

CVE-2017-17562

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc...

8.1 CVSS · 7.8 AI score · 0.94266 EPSS
Exploits 15 · References 9
Cvelist
added 2002/08/31 4:00 a.m. · 21 views

CVE-2001-1402

Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user...

7.2 AI score · 0.01122 EPSS
Exploits 0 · References 8