CVE Intelligence
Verified by Execution

Every vulnerability analyzed through real exploitation against live environments. Real IOCs from real traffic. Detection rules from real attacks. Hands-on labs, specifically designed for CVE.

Exploit PoCs

Get ongoing access to exploit PoCs for high-impact CVEs.

IOCs and Blue Team Support

Specific IOCs and detection rules for your SIEM. Indicators from actual attack traffic.

Hands-On Labs

Docker labs or VM instructions, specifically designed per CVE. Practice exploitation and detection locally.

Latest CVE Articles

View all →

HIGH 8.6⚡ Verified

CVE-2025-68665

@langchain/core<0.3.80

CVE-2025-68665 is a critical deserialization vulnerability in the @langchain/core npm package (versions prior to 0.3.80) that allows unauthenticated attackers to exfiltrate arbitrary environment variables — including API keys, database passwords, and cloud credentials — by injecting crafted JSON payloads into endpoints that use the load() function. With a CVSS score of 8.6 and network-accessible attack surface requiring no authentication, this vulnerability poses an immediate risk to any application exposing LangChain deserialization endpoints.

npmCWE-502Lab Available

13 IOCs3 Rules

CVEs Analyzed

100%

Exploit Verified

IOCs Captured

Labs Available

CVE IntelligenceVerified by Execution

Exploit PoCs

IOCs and Blue Team Support

Hands-On Labs

Latest CVE Articles

CVE Intelligence
Verified by Execution