122 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the safeurl process. An attacker can inject malicious URLs into rendered href and src attributes by crafting links that use legacy or chained schemes, potentially leading to script execution in affected user...
CVE-2026-54008 Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url`
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, backend/openwebui/utils/oauth.py::processpictureurl calls validateurlpictureurl on the initial URL only, then invokes aiohttp.ClientSession.getpictureurl, ... without...
CVE-2026-6587
A flaw was found in vibrantlabsai RAGAS. A remote attacker can exploit a server-side request forgery SSRF vulnerability by manipulating the retrievedcontexts argument within the tryprocesslocalfile or tryprocessurl functions. This manipulation allows the attacker to induce the server to make...
EUVD-2026-23727
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...
OPENSUSE-SU-2026:20519-1 Security update for nodejs24
This update for nodejs24 fixes the following issues: Update to version 24.14.1. Security issues fixed: - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716:...
EUVD-2026-17093
A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...
CVE-2026-21712
A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...
UBUNTU-CVE-2026-21712
A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...
CVE-2026-21712
A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...
CVE-2026-21712
CVE-2026-21712 affects the Node.js package nodejs24 for versions less than 24.14.1-1 . The issue is a flaw in Node.js URL processing that triggers an assertion failure in native code when url.format() is called with a malformed internationalized domain name (IDN) containing invalid characters, cr...
Linux Distros Unpatched Vulnerability : CVE-2026-21712
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN...
Angular 输入验证错误漏洞
Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions of Angular prior to 19.2.21, 20.3.17, 21.1.5, and 21.2.0-rc.1 contained a vulnerability related to input validation...
PT-2026-29037
Name of the Vulnerable Software and Affected Versions Node.js affected versions not specified Description A flaw in Node.js URL processing can lead to an assertion failure in native code when the url.format function is invoked with a malformed internationalized domain name IDN containing invalid...
PT-2025-41454
Name of the Vulnerable Software and Affected Versions New API versions prior to 0.9.0.5 Description New API is a large language model LLM gateway and artificial intelligence AI asset management system. An authenticated Server-Side Request Forgery SSRF issue exists because the application does not...
Server-side Request Forgery (SSRF)
Overview llamafactory is an Easy-to-use LLM fine-tuning framework Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the processrequest function, which processes incoming content URLs without proper validation or sanitization. An attacker can access internal...
EUVD-2013-4289
Malware in sbrugna...
EUVD-2014-8325
Malware in sbrugna...
EUVD-2019-4672
Malware in sbrugna...
EUVD-2002-2195
Malware in sbrugna...
EUVD-2022-43194
Malicious code in bioql PyPI...