Server-side Request Forgery (SSRF)

Overview letta is a Create LLM agents with long-term memory and custom tools Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the convertmessagecreatetomessage function in the File URL Handler component when processing the ImageContent argument. An attacker...

letta-nory (=0.1.0) potentially affected by CVE-2025-6101 +1 more via letta (=0.16.7)

letta PYPI version =0.16.7 is affected by a known vulnerability. The following packages have a transitive dependency on letta and may be impacted: - letta-nory =0.1.0 Source cves: CVE-2025-6101, CVE-2026-4965 Source advisory: SNYK:PYTHON-LETTA-15874391...

Linux Distros Unpatched Vulnerability : CVE-2019-20478

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, thi...

CVE-2024-8917

The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...

WordPress plugin AnWP Football Leagues 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

WordPress AnWP Football Leagues plugin <= 0.16.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin AnWP Football Leagues versions = 0.16.7...

WordPress AnWP Football Leagues Plugin <= 0.16.7 is vulnerable to Cross Site Scripting (XSS)

Software AnWP Football Leagues Type Plugin Vulnerable versions = 0.16.7 Fixed in 0.16.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8917 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1862a8d1a35e Credits Francesco Carluc...

PT-2024-39318 · WordPress · Anwp Football Leagues

Name of the Vulnerable Software and Affected Versions: AnWP Football Leagues plugin for WordPress versions up to, and including, 0.16.7 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...

UBUNTU-CVE-2019-20478

In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safeload in these use cases...

ruamel.yam deserialization vulnerability

ruamel.yaml is a YAML parser. A security vulnerability exists in ruamel.yaml version 0.16.7 and earlier. An attacker can exploit the vulnerability to execute code...