|
641
|
2.6 |
LOW
Adjacent
|
-
|
-
|
A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_rout…
New
|
CWE-310
CWE-330
Cryptographic Issues
Use of Insufficiently Random Values
|
CVE-2026-7847
|
2026-05-6 02:17 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
642
|
- |
|
-
|
-
|
OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml.
New
|
-
|
CVE-2026-38429
|
2026-05-6 02:17 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
643
|
5.9 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with a…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-34956
|
2026-05-6 02:17 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
644
|
- |
|
-
|
-
|
RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTOR…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-25589
|
2026-05-6 02:17 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
645
|
- |
|
-
|
-
|
RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE comma…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-25588
|
2026-05-6 02:17 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
646
|
- |
|
-
|
-
|
A hidden console command is vulnerable to command injection
flaw when control characters are passed to its second argument.
A third party researcher Eugene Lim had discovered vulnerability
in the w…
New
|
CWE-88
Argument Injection
|
CVE-2026-7865
|
2026-05-6 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
647
|
2.6 |
LOW
Adjacent
|
-
|
-
|
A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the c…
New
|
CWE-362
CWE-367
Race Condition
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-7846
|
2026-05-6 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
648
|
2.6 |
LOW
Adjacent
|
-
|
-
|
A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py …
New
|
CWE-327
CWE-328
Use of a Broken or Risky Cryptographic Algorithm
Use of Weak Hash
|
CVE-2026-7845
|
2026-05-6 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
649
|
6.3 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list_files/retrieve_file/retrieve_file_content/delete_file of the file l…
New
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-7844
|
2026-05-6 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
650
|
4.3 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.
`django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). T…
New
|
CWE-524
Use of Cache Containing Sensitive Information
|
CVE-2026-6907
|
2026-05-6 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
