
8 matches found

Snyk
added 2026/05/13 3:29 p.m. · 10 views

Deserialization of Untrusted Data

Overview: langchain-classic is a Building applications with LLMs through composability. Affected versions of this package are vulnerable to Deserialization of Untrusted Data when fetching and processing prompt manifests from external sources. An attacker can execute arbitrary code or manipulate...

CVSS 7.1 · AI score 6.2 · EPSS 0.00199
Exploits: 0 · References: 2
Snyk
added 2026/05/08 12:0 a.m. · 7 views

Improper Neutralization of Special Elements in Data Query Logic

Overview: org.springframework.ai:spring-ai-milvus-store is a Spring AI Vector Store - Milvus. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the MilvusVectorStoredoDeleteList implementation. An attacker can inject filter...

CVSS 8.8 · AI score 5.7 · EPSS 0.00353
Exploits: 0 · References: 2
Snyk
added 2025/11/21 9:57 p.m. · 5 views

Template Injection

Overview: langchain-core is a Building applications with LLMs through composability. Affected versions of this package are vulnerable to Template Injection in the prompt template system. An attacker can access internal Python object attributes by submitting specially crafted template strings to...

CVSS 8.3 · AI score 6.7 · EPSS 0.00466
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-23515

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00636
Exploits: 1 · References: 8
Positive Technologies
added 2025/08/18 12:0 a.m. · 6 views

PT-2025-33673 · Aiven · Aiven-Db-Migrate

Name of the Vulnerable Software and Affected Versions: aiven-db-migrate versions prior to 1.0.7. Description: aiven-db-migrate is a database migration tool. A privilege escalation issue exists that could allow elevation to superuser inside PostgreSQL databases during a migration from an untrusted...

CVSS 9.1 · AI score 7.6 · EPSS 0.00575
Exploits: 0 · References: 10
Snyk
added 2025/02/07 10:0 p.m. · 3 views

SQL Injection

Overview: yascheduler is a Yet another computing scheduler and cloud orchestration engine. Affected versions of this package are vulnerable to SQL Injection in the queuesubmittask function. Remediation: Upgrade yascheduler to version 1.0.7 or higher. References: GitHub Commit...

CVSS 7.3 · AI score 7.9
Exploits: 0 · References: 3
Positive Technologies
added 2022/06/06 12:0 a.m. · 4 views

PT-2022-13969 · WordPress · Files Download Delay

Name of the Vulnerable Software and Affected Versions: Files Download Delay WordPress plugin versions prior to 1.0.7. Description: The issue concerns a lack of authorization and CSRF checks when resetting settings in the plugin. This could allow any authenticated users, such as subscribers, to...

CVSS 6.5 · AI score 6.3 · EPSS 0.00406
Exploits: 2 · References: 5
IBM Security Bulletins
added 2021/01/21 7:34 p.m. · 43 views

Security Bulletin: Security Vulnerability in IBM Java SDK affects IBM Voice Gateway

Summary: Security Vulnerability in IBM Java SDK affects IBM Voice Gateway. Vulnerability Details: CVEID: CVE-2020-2590. DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low...

CVSS 4.3 · AI score 1.8 · EPSS 0.03085
Exploits: 0 · Affected Software: 1