8 matches found
Deserialization of Untrusted Data
Overview langchain-classic is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Deserialization of Untrusted Data when fetching and processing prompt manifests from external sources. An attacker can execute arbitrary code or manipulate...
Improper Neutralization of Special Elements in Data Query Logic
Overview org.springframework.ai:spring-ai-milvus-store is a Spring AI Vector Store - Milvus Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the MilvusVectorStoredoDeleteList implementation. An attacker can inject filter...
Template Injection
Overview langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Template Injection in the prompt template system. An attacker can access internal Python object attributes by submitting specially crafted template strings to...
EUVD-2025-23515
Malicious code in bioql PyPI...
PT-2025-33673 · Aiven · Aiven-Db-Migrate
Name of the Vulnerable Software and Affected Versions: aiven-db-migrate versions prior to 1.0.7 Description: aiven-db-migrate is a database migration tool. A privilege escalation issue exists that could allow elevation to superuser inside PostgreSQL databases during a migration from an untrusted...
SQL Injection
Overview yascheduler is a Yet another computing scheduler and cloud orchestration engine Affected versions of this package are vulnerable to SQL Injection in the queuesubmittask function. Remediation Upgrade yascheduler to version 1.0.7 or higher. References - GitHub Commit...
PT-2022-13969 · WordPress · Files Download Delay
Name of the Vulnerable Software and Affected Versions: Files Download Delay WordPress plugin versions prior to 1.0.7 Description: The issue concerns a lack of authorization and CSRF checks when resetting settings in the plugin. This could allow any authenticated users, such as subscribers, to...
Security Bulletin: Security Vulnerability in IBM Java SDK affects IBM Voice Gateway
Summary Security Vulnerability in IBM Java SDK affects IBM Voice Gateway Vulnerability Details CVEID: CVE-2020-2590 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low...