10 matches found

CVE
added yesterday, 6 views

CVE-2025-32423

AutoGPT contains a DoS vulnerability in the ExtractTextInformationBlock prior to version 0.6.32. Malicious input amplification can cause a server to consume excessive memory (e.g., 10 KB input leading to ~50 GB memory usage), exhausting resources and causing DoS. The issue is fixed in 0.6.32. Aff...

5.3 CVSS, 5.8 AI score
Exploits: 0, References: 1

EUVD
added 2026/03/29 6:30 p.m., 5 views

EUVD-2026-17035

A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the Dependsgetcurrentactiveus...

7.5 CVSS, 7 AI score, 0.0043 EPSS
Exploits: 1, References: 3

Cvelist
added 2026/03/29 5:53 p.m., 20 views

CVE-2026-0558 Unauthenticated File Upload in parisneo/lollms

A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the Dependsgetcurrentactiveus...

7.5 CVSS, 0.0043 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2026/03/29 5:53 p.m., 2 views

CVE-2026-0558 Unauthenticated File Upload in parisneo/lollms

A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the Dependsgetcurrentactiveus...

7.5 CVSS, 5.8 AI score, 0.0043 EPSS
Exploits: 1, References: 2

CVE
added 2026/03/29 5:53 p.m., 7 views

CVE-2026-0558

The CVE-2026-0558 issue affects parisneo/lollms up to 2.2.0, where the /api/files/extract-text endpoint accepts file uploads without authentication, lacking the Depends(get_current_active_user) check. This exposes unauthenticated users to DoS via resource exhaustion and potential information disc...

9.8 CVSS, 7 AI score, 0.0043 EPSS
Exploits: 1, References: 2, Affected Software: 1

ATTACKERKB
added 2026/03/29 5:53 p.m., 3 views

CVE-2026-0558

A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the Dependsgetcurrentactiveus...

7.5 CVSS, 5.8 AI score, 0.0043 EPSS
Exploits: 1, References: 3

CNNVD
added 2026/03/29 12:0 a.m., 5 views

LoLLMs Authorization Issue Vulnerability

LoLLMs is a large language and multimodal system developed by Saifeddine ALOUI. Versions of LoLLMs 2.2.0 and earlier contained an authorization vulnerability. This vulnerability stemmed from the lack of mandatory authentication for the /api/files/extract-text endpoint, which could lead to...

9.8 CVSS, 7.1 AI score, 0.0043 EPSS
Exploits: 1, References: 3

Huntr
added 2025/12/29 5:53 p.m., 6 views

Unauthenticated File Upload in LollMS

Executive Summary: A critical security vulnerability has been identified in LollMS that allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint lacks authentication requirements, contradicting the application's documented "Secure...

9.8 CVSS, 5.8 AI score, 0.0043 EPSS
Exploits: 1

Snyk
added 2023/02/21 8:16 a.m., 2 views

Malicious Package

Overview: wf-extract-text-in-image2 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8 CVSS, 7.1 AI score
Exploits: 0, References: 3

OSV
added 2023/02/12 8:51 p.m., 6 views

MAL-2023-963 Malicious code in wf-extract-text-in-image2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3cd6fc1170a3ada1d746fc52e031d5c161e68ecaccf1383924617a33f88f75a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1