8 matches found
PYSEC-2024-112
An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...
PYSEC-2024-119
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service DOS attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT...
ChuanhuChatGPT 资源管理错误漏洞
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. A resource management error vulnerability exists in ChuanhuChatGPT version 20240628, which stems from uncontrolled resource consumption that...
PT-2024-38718 · Unknown · Gaizhenbiao/Chuanhuchatgpt
Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240628 Description: An arbitrary file read issue exists due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute pat...
ChuanhuChatGPT 安全漏洞
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. An information disclosure vulnerability exists in ChuanhuChatGPT version 20240628, which can be exploited by an attacker to gain access to...
ChuanhuChatGPT 安全漏洞
ChuanhuChatGPT is an application by the individual developer Chuan Hu. It provides a fast and easy-to-use web graphical interface and many additional features for many LLMs such as ChatGPT. A security vulnerability exists in ChuanhuChatGPT version 20240628, which stems from insufficient validatio...
CVE-2024-4224
An authenticated stored cross-site scripting XSS exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DEUN V7.61.0.0 Build 20230616, which could allow an adversary to run JavaScript in an administrator's browser. This issue was fixed in TL-SG1016DEUN V71.0.1 Build 20240628...
PT-2024-5357 · Tp Link · Tp-Link Tl-Sg1016De
Name of the Vulnerable Software and Affected Versions: TP-Link TL-SG1016DE version TL-SG1016DEUN V7.6 1.0.0 Build 20230616 Description: The issue is related to an authenticated stored cross-site scripting XSS that could allow an adversary to run JavaScript in an administrator's browser. This is d...