Discover gists

## anchor.txt
4fcddd2c48cc06b2eebba76b8df0c90ead986b4af698b98657f02996f40480d6 @ 1782067409.025899

## anchor.txt
4fcddd2c48cc06b2eebba76b8df0c90ead986b4af698b98657f02996f40480d6 @ 1782067408.043528

## 2026-06-22_x_24h_ai.html
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>X 24h AI 热点 · 2026-06-22</title>
<style>
:root {
  --bg: #0d1117; --card: #161b22; --border: #30363d;
  --text: #c9d1d9; --muted: #8b949e; --accent: #58a6ff;

## GHSA-F4XH-W4CJ-QXQ8.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                alon710
                / GHSA-F4XH-W4CJ-QXQ8.md
            
            
              Created
              June 21, 2026 18:42
            
              
                GHSA-F4XH-W4CJ-QXQ8: GHSA-F4XH-W4CJ-QXQ8: Arbitrary Server-Side File Read in LangSmith SDK TracingMiddleware - CVE Security Report
              
          
    GHSA-F4XH-W4CJ-QXQ8: GHSA-F4XH-W4CJ-QXQ8: Arbitrary Server-Side File Read in LangSmith SDK TracingMiddleware


CVSS Score: 7.7
Published: 2026-06-19
Full Report: https://cvereports.com/reports/GHSA-F4XH-W4CJ-QXQ8

Summary

The LangSmith Python SDK TracingMiddleware is vulnerable to an arbitrary server-side file read. Due to origin validation and type confusion flaws, external inputs parsed from distributed tracing headers bypass local filesystem read protections, allowing remote attackers to silently exfiltrate arbitrary server files to the telemetry dashboard.
TL;DR


## output_log.txt
Log uploaded on Sunday, June 21, 2026, 8:42:21 PM
Loaded mods:
Harmony(brrainz.harmony)[mv:2.4.2.0]: 0Harmony(2.4.1), HarmonyMod(2.4.2)
Core(Ludeon.RimWorld): (no assemblies)
HugsLib(UnlimitedHugs.HugsLib)[ov:12.0.0]: 0Harmony(av:2.4.1,fv:1.2.0.1), HugsLib(av:1.0.0,fv:12.0.0)
Allow Tool(UnlimitedHugs.AllowTool): AllowTool(av:3.6.0,fv:3.14.0)
Geological Landforms(m00nl1ght.GeologicalLandforms): LunarLoader(1.1.17), LunarFramework(1.1.17), MapPreview(1.12.25), TerrainGraph(1.2.2), GeologicalLandforms(1.7.12), GeologicalLandformsMod(1.7.12)
Biome Transitions(m00nl1ght.GeologicalLandforms.BiomeTransitions): (no assemblies)
Common Sense(avilmask.CommonSense): CommonSense(1.0.9416.33549)
Adaptive Storage Framework(adaptive.storage.framework): 0MultiplayerAPI(av:0.5.0,fv:0.5.0), 1ITransformable(1.0.0), AdaptiveStorageFramework(1.2.4), CopyOperation(1.0.0), DefNameLink(1.0.0), GeneratorOperation(1.0.0), GeneratorOperationV2(1.0.0), PatchOperationSet(1.0.0), PatchOperationTryAdd(1.0.0), PostInheritanceOperation(1.0.0)

## foxd-token-meta.json
{
  "name": "FoxD: you lost ~$142 to router fees",
  "symbol": "FoxD",
  "description": "Your trading router skimmed ~$142 in hidden fees & MEV. See your full loss report and stop the bleed -> https://foxd.xyz",
  "image": "https://placehold.co/400x400/F7931A/FFFFFF/png?text=foxd.xyz",
  "external_url": "https://foxd.xyz"
}

## AllPostApiTest.java
package tests.api;

import api.adapters.HouseAdapter;
import api.models.HouseRq;
import api.models.HouseRs;
import org.assertj.core.api.SoftAssertions;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;

import java.math.BigDecimal;

## gist:fa9818bf7f42ee484096e2d6de17cb8b
import 'package:flutter/material.dart';

void main() => runApp(const CineApp());

class Oeuvre {
  final String titre;
  final String statutOuDate;
  final DateTime dateTri;
  final bool estSortie;
  final String classification;

## AllPostApiTest.java
package tests.api;

import api.adapters.HouseAdapter;
import api.models.HouseRq;
import api.models.HouseRs;
import org.assertj.core.api.SoftAssertions;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;

import java.math.BigDecimal;

## SIGMAGATE-x402-api.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                spektre-labs
                / SIGMAGATE-x402-api.md
            
            
              Created
              June 21, 2026 18:40
            
              
                SIGMAGATE — x402-metered LLM coherence/hallucination API (live, pay-per-call USDC on Solana, no signup)
              
          
    SIGMAGATE — x402 LLM-coherence / hallucination API (live, no signup)


Discoverable listing. Endpoint: https://swagletz-sigmagate.hf.space · pay-per-call USDC on Solana (x402).
Tags: x402, MCP, agent-tools, LLM-eval, hallucination-detection, Solana-pay, agentic-payments

SIGMAGATE LAUNCH — live https://swagletz-sigmagate.hf.space

Here is the tight launch package for SIGMAGATE:
	<!DOCTYPE html>
	<html lang="zh-CN">
	<head>
	<meta charset="UTF-8">
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<title>X 24h AI 热点 · 2026-06-22</title>
	<style>
	:root {
	--bg: #0d1117; --card: #161b22; --border: #30363d;
	--text: #c9d1d9; --muted: #8b949e; --accent: #58a6ff;
	Log uploaded on Sunday, June 21, 2026, 8:42:21 PM
	Loaded mods:
	Harmony(brrainz.harmony)[mv:2.4.2.0]: 0Harmony(2.4.1), HarmonyMod(2.4.2)
	Core(Ludeon.RimWorld): (no assemblies)
	HugsLib(UnlimitedHugs.HugsLib)[ov:12.0.0]: 0Harmony(av:2.4.1,fv:1.2.0.1), HugsLib(av:1.0.0,fv:12.0.0)
	Allow Tool(UnlimitedHugs.AllowTool): AllowTool(av:3.6.0,fv:3.14.0)
	Geological Landforms(m00nl1ght.GeologicalLandforms): LunarLoader(1.1.17), LunarFramework(1.1.17), MapPreview(1.12.25), TerrainGraph(1.2.2), GeologicalLandforms(1.7.12), GeologicalLandformsMod(1.7.12)
	Biome Transitions(m00nl1ght.GeologicalLandforms.BiomeTransitions): (no assemblies)
	Common Sense(avilmask.CommonSense): CommonSense(1.0.9416.33549)
	Adaptive Storage Framework(adaptive.storage.framework): 0MultiplayerAPI(av:0.5.0,fv:0.5.0), 1ITransformable(1.0.0), AdaptiveStorageFramework(1.2.4), CopyOperation(1.0.0), DefNameLink(1.0.0), GeneratorOperation(1.0.0), GeneratorOperationV2(1.0.0), PatchOperationSet(1.0.0), PatchOperationTryAdd(1.0.0), PostInheritanceOperation(1.0.0)
	{
	"name": "FoxD: you lost ~$142 to router fees",
	"symbol": "FoxD",
	"description": "Your trading router skimmed ~$142 in hidden fees & MEV. See your full loss report and stop the bleed -> https://foxd.xyz",
	"image": "https://placehold.co/400x400/F7931A/FFFFFF/png?text=foxd.xyz",
	"external_url": "https://foxd.xyz"
	}
	package tests.api;

	import api.adapters.HouseAdapter;
	import api.models.HouseRq;
	import api.models.HouseRs;
	import org.assertj.core.api.SoftAssertions;
	import org.junit.jupiter.api.DisplayName;
	import org.junit.jupiter.api.Test;

	import java.math.BigDecimal;
	import 'package:flutter/material.dart';

	void main() => runApp(const CineApp());

	class Oeuvre {
	final String titre;
	final String statutOuDate;
	final DateTime dateTri;
	final bool estSortie;
	final String classification;