Résumé
ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer
Références
Vulnérabilités liées
Tout Supply chain →- CRITICALGHSA-CCV6-R384-XP75
Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit
- CRITICALGHSA-WFQX-GJRF-G28R
Crossplane: Signature verification TOCTOU allows installing unverified package content via mutable tag
- MEDIUMGHSA-6JJ2-4Q5C-X8G6
CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
- MEDIUMGHSA-3VGW-585J-4M45
BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-10284
- HIGHGHSA-RJVW-7VVW-549V
PraisonAI: Jobs webhook SSRF protection bypass via DNS rebinding
- HIGHGHSA-869J-R97X-HX2G
Anki's local HTTP server does not sufficiently validate requests