| Page(s) : 1 ... 687 688 689 690 691 692 693 694 695 696 [697] 698 699 700 701 702 703 704 705 706 707 ... | Result(s) : 299922 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-03-20 | CVE-2024-10829 | cve | A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive ... |
| N/A | 2025-03-20 | CVE-2024-10830 | cve | A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint `/v1/resource/file/delete`. This vulnerability allows an attacker to delete an... |
| N/A | 2025-03-20 | CVE-2024-10831 | cve | In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files ... |
| N/A | 2025-03-20 | CVE-2024-10833 | cve | eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to... |
| N/A | 2025-03-20 | CVE-2024-10834 | cve | eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absol... |
| N/A | 2025-03-20 | CVE-2024-10835 | cve | In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/sql/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be ... |
| N/A | 2025-03-20 | CVE-2024-10901 | cve | In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/chart/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can b... |
| N/A | 2025-03-20 | CVE-2024-10902 | cve | In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unautho... |
| N/A | 2025-03-20 | CVE-2024-10906 | cve | In version 0.6.0 of eosphoros-ai/db-gpt, the `uvicorn` app created by `dbgpt_server` uses an overly permissive instance of `CORSMiddleware` which sets the `Access-Control-Allow-... |
| N/A | 2025-03-20 | CVE-2024-10907 | cve | In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed ... |
| N/A | 2025-03-20 | CVE-2024-10908 | cve | An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. T... |
| N/A | 2025-03-20 | CVE-2024-10912 | cve | A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a la... |
| N/A | 2025-03-20 | CVE-2024-10935 | cve | automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. T... |
| N/A | 2025-03-20 | CVE-2024-10940 | cve | A vulnerability in langchain-core versions >=0.1.17,=0.2.0,=0.3.0, |
| N/A | 2025-03-20 | CVE-2024-10948 | cve | A vulnerability in the upload function of binary-husky/gpt_academic allows any user to read arbitrary files on the system, including sensitive files such as `config.py`. This is... |
| N/A | 2025-03-20 | CVE-2024-10950 | cve | In binary-husky/gpt_academic version |
| N/A | 2025-03-20 | CVE-2024-10954 | cve | In the `manim` plugin of binary-husky/gpt_academic, versions prior to the fix, a vulnerability exists due to improper handling of user-provided prompts. The root cause is the ex... |
| N/A | 2025-03-20 | CVE-2024-10955 | cve | A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern `r']+>'` to ... |
| N/A | 2025-03-20 | CVE-2024-10956 | cve | GPT Academy version 3.83 in the binary-husky/gpt_academic repository is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). This vulnerability allows an attacker to hijack an ... |
| N/A | 2025-03-20 | CVE-2024-10986 | cve | GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.o... |
| Page(s) : 1 ... 687 688 689 690 691 692 693 694 695 696 [697] 698 699 700 701 702 703 704 705 706 707 ... | Result(s) : 299922 |
