| Page(s) : 1 ... 65 66 67 68 69 70 71 72 73 74 [75] 76 77 78 79 80 81 82 83 84 85 ... | Result(s) : 287478 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-03-20 | CVE-2024-10834 | cve | eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absol... |
| N/A | 2025-03-20 | CVE-2024-10835 | cve | In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/sql/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be ... |
| N/A | 2025-03-20 | CVE-2024-10901 | cve | In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/chart/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can b... |
| N/A | 2025-03-20 | CVE-2024-10902 | cve | In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unautho... |
| N/A | 2025-03-20 | CVE-2024-10906 | cve | In version 0.6.0 of eosphoros-ai/db-gpt, the `uvicorn` app created by `dbgpt_server` uses an overly permissive instance of `CORSMiddleware` which sets the `Access-Control-Allow-... |
| N/A | 2025-03-20 | CVE-2024-10907 | cve | In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed ... |
| N/A | 2025-03-20 | CVE-2024-10908 | cve | An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. T... |
| N/A | 2025-03-20 | CVE-2024-10912 | cve | A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a la... |
| N/A | 2025-03-20 | CVE-2024-10935 | cve | automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. T... |
| N/A | 2025-03-20 | CVE-2024-10940 | cve | A vulnerability in langchain-core versions >=0.1.17,=0.2.0,=0.3.0, |
| N/A | 2025-03-20 | CVE-2024-10948 | cve | A vulnerability in the upload function of binary-husky/gpt_academic allows any user to read arbitrary files on the system, including sensitive files such as `config.py`. This is... |
| N/A | 2025-03-20 | CVE-2024-10950 | cve | In binary-husky/gpt_academic version |
| N/A | 2025-03-20 | CVE-2024-10954 | cve | In the `manim` plugin of binary-husky/gpt_academic, versions prior to the fix, a vulnerability exists due to improper handling of user-provided prompts. The root cause is the ex... |
| N/A | 2025-03-20 | CVE-2024-10955 | cve | A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern `r']+>'` to ... |
| N/A | 2025-03-20 | CVE-2024-10956 | cve | GPT Academy version 3.83 in the binary-husky/gpt_academic repository is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). This vulnerability allows an attacker to hijack an ... |
| N/A | 2025-03-20 | CVE-2024-10986 | cve | GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.o... |
| N/A | 2025-03-20 | CVE-2024-11030 | cve | GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_e... |
| N/A | 2025-03-20 | CVE-2024-11031 | cve | In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. This vulnerabi... |
| N/A | 2025-03-20 | CVE-2024-11033 | cve | A Denial of Service (DoS) vulnerability exists in the file upload feature of binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of form-data w... |
| N/A | 2025-03-20 | CVE-2024-11037 | cve | A path traversal vulnerability exists in binary-husky/gpt_academic at commit 679352d, which allows an attacker to bypass the blocked_paths protection and read the config.py file... |
| Page(s) : 1 ... 65 66 67 68 69 70 71 72 73 74 [75] 76 77 78 79 80 81 82 83 84 85 ... | Result(s) : 287478 |
