| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store (for example, after a database compromise or other privileged write access to the persistence layer), they can potentially supply a crafted payload that triggers unsafe object reconstruction when the checkpoint is loaded. No known patch is public. |
| Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE() in Streaming Helper, the event, id, and retry fields were not validated for carriage return (\r) or newline (\n) characters. Because the SSE protocol uses line breaks as field delimiters, this could allow injection of additional SSE fields within the same event frame if untrusted input was passed into these fields. This issue has been patched in version 4.12.4. |
| Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\r), or newline characters (\n) in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields. This issue has been patched in version 4.12.4. |
| CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Prior to version 47.6.0, a cross-site scripting (XSS) vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially crafted markup, leading to unauthorized JavaScript code execution, if the editor instance used an unsafe General HTML Support configuration. This issue has been patched in version 47.6.0. |
| The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in version 3.0.0. |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component. |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot. |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. |
| D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability. |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. |
| Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard. |
| Payment Orchestrator Service Elevation of Privilege Vulnerability |
| Microsoft Devices Pricing Program Remote Code Execution Vulnerability |
