Lucene search
+L

1995 matches found

nuclei
nuclei
added 6 hours ago110 views

LMDeploy - Server-Side Request Forgery

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in the vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal or...

7.5CVSS6.3AI score0.4525EPSS
Exploits2References3
nvd
nvd
added 2 days ago10 views

CVE-2026-15628

A security flaw has been discovered in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1. This issue affects the function Vision.downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Performing a manipulation of the argument image results in server-side request...

6.5CVSS0.00219EPSS
Exploits0References8
cve
cve
added 2 days ago12 views

CVE-2026-15628

The CVE-2026-15628 affects zhayujie chatgpt-on-wechat CowAgent ≤ 2.1.1, specifically the Vision Tool’s Vision._download_to_data_url function. A manipulation of the image argument enables server-side request forgery, allowing remote initiation of attacks. Exploitation is supported by public disclo...

6.5CVSS6.3AI score0.00219EPSS
Exploits0References8
euvd
euvd
added 2 days ago5 views

EUVD-2026-43617

A security flaw has been discovered in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1. This issue affects the function Vision.downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Performing a manipulation of the argument image results in server-side request...

6.5CVSS6.3AI score0.00219EPSS
Exploits0References8
osv
osv
added 2 days ago2 views

CVE-2026-15628 zhayujie chatgpt-on-wechat CowAgent Vision Tool vision.py Vision._download_to_data_url server-side request forgery

A security flaw has been discovered in zhayujie chatgpt-on-wechat CowAgent up to 2.1.1. This issue affects the function Vision.downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Performing a manipulation of the argument image results in server-side request...

5.3CVSS6.3AI score0.00219EPSS
Exploits0References10
snyk
snyk
added 6 days ago4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through the image process in open-sse/translator/concerns/image.js. An attacker can access internal-only HTTP services by...

7.4CVSS6.1AI score0.00154EPSS
Exploits0References2
attackerkb
attackerkb
added 6 days ago1 views

CVE-2026-56676

9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy ca...

7.4CVSS6.1AI score0.00154EPSS
Exploits0References4Affected Software1
nvd
nvd
added 6 days ago9 views

CVE-2026-15330

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

7.5CVSS0.00352EPSS
Exploits0References9
cvelist
cvelist
added 6 days ago33 views

CVE-2026-15330 zhayujie CowAgent Vision Tool vision.py _download_to_data_url server-side request forgery

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

7.5CVSS0.00352EPSS
Exploits0References9
euvd
euvd
added 6 days ago6 views

EUVD-2026-42788

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

7.5CVSS6.6AI score0.00352EPSS
Exploits0References9
attackerkb
attackerkb
added 6 days ago7 views

CVE-2026-15330

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

7.5CVSS6.6AI score0.00352EPSS
Exploits0References9Affected Software1
cve
cve
added 6 days ago10 views

CVE-2026-15330

CVE-2026-15330 affects zhayujie CowAgent — Vision Tool, specifically the file vision.py, function _build_image_content/_download_to_data_url. The vulnerability arises from manipulating the input image argument, enabling remote SSRF via the Vision Tool component. Attacker could trigger remotely; e...

7.5CVSS6.6AI score0.00352EPSS
Exploits0References9
osv
osv
added 6 days ago2 views

CVE-2026-15330 zhayujie CowAgent Vision Tool vision.py _download_to_data_url server-side request forgery

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

6.9CVSS6.5AI score0.00352EPSS
Exploits0References11
cve
cve
added 2026/07/06 8:9 p.m.14 views

CVE-2025-59617

CVE-2025-59617 describes a memory corruption (likely use-after-free) when processing multiple IOCTL calls sharing the same buffer file descriptor. The issue is referenced under Computer Vision in CVE lists; concrete affected product/vendor/version are not specified in the provided documents. CVSS...

7.3CVSS6.1AI score0.00065EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/07/06 8:9 p.m.6 views

CVE-2025-59617 Use After Free in Computer Vision

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input...

6.6CVSS6.1AI score0.00065EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/06 8:9 p.m.37 views

CVE-2025-59617 Use After Free in Computer Vision

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input...

6.6CVSS0.00065EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/07/06 8:9 p.m.6 views

CVE-2025-59616 Use After Free in Computer Vision

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory...

6.6CVSS6.1AI score0.00064EPSS
Exploits0References1
cve
cve
added 2026/07/06 8:9 p.m.16 views

CVE-2025-59616

CVE-2025-59616 is a memory corruption (use-after-free) flaw triggered when processing multiple IOCTL calls using the same buffer file descriptor input, due to accessing already freed memory. According to NVD, the CVSSv3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with a base score of 7.8 (HIG...

7.8CVSS6.1AI score0.00064EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/07/06 8:9 p.m.38 views

CVE-2025-59616 Use After Free in Computer Vision

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory...

6.6CVSS0.00064EPSS
Exploits0References1
cve
cve
added 2026/07/06 8:9 p.m.15 views

CVE-2025-59615

Technical details are not publicly available in the provided documents. Monitor for updates.

7.8CVSS6AI score0.00064EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder