Lucene search
K

28 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7027

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.00873EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-7038

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.00646EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/03/22 12:23 p.m.8 views

CVE-2024-12068

A Server-Side Request Forgery SSRF vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data that is only accessible from the server, such...

7.5CVSS6.9AI score0.00646EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:5 p.m.7 views

CVE-2024-10225

A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service DoS by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process each character, rendering the application...

7.5CVSS6.8AI score0.00588EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:54 a.m.10 views

CVE-2024-9309

A Server-Side Request Forgery SSRF vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 LLaVA-1.6. This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthorized...

9.3CVSS6.9AI score0.00473EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:40 a.m.8 views

CVE-2024-11449

A vulnerability in haotian-liu/llava version 1.2.0 LLaVA-1.6 allows for Server-Side Request Forgery SSRF through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation o...

7.5CVSS6.9AI score0.00646EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.9 views

CVE-2024-9309

A Server-Side Request Forgery SSRF vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 LLaVA-1.6. This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthorized...

9.3CVSS0.00473EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.4 views

CVE-2024-9308

An open redirect vulnerability in haotian-liu/llava version v1.2.0 LLaVA-1.6 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...

6.1CVSS5.9AI score0.00489EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.7 views

CVE-2024-12068

A Server-Side Request Forgery SSRF vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data that is only accessible from the server, such...

7.5CVSS0.00646EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-12065

A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the server. The issue is due to improper input validation in the gradio web UI component...

7.5CVSS0.00873EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.4 views

CVE-2024-12065

A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the server. The issue is due to improper input validation in the gradio web UI component...

7.5CVSS5.8AI score0.00873EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.3 views

CVE-2024-10225

A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service DoS by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process each character, rendering the application...

7.5CVSS5.8AI score0.00588EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.11 views

CVE-2024-9308 Open Redirect in haotian-liu/llava

An open redirect vulnerability in haotian-liu/llava version v1.2.0 LLaVA-1.6 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...

6.1CVSS0.00489EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.11 views

CVE-2024-9311 Cross-Site Request Forgery to XSS in haotian-liu/llava

A Cross-Site Request Forgery CSRF vulnerability in haotian-liu/llava v1.2.0 LLaVA-1.6 allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript code...

6.1CVSS0.00199EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.9 views

CVE-2024-12065 Local File Inclusion in haotian-liu/llava

A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the server. The issue is due to improper input validation in the gradio web UI component...

7.5CVSS0.00873EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.5 views

CVE-2024-12065 Local File Inclusion in haotian-liu/llava

A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the server. The issue is due to improper input validation in the gradio web UI component...

7.5CVSS7.3AI score0.00873EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.41 views

CVE-2024-12065

CVE-2024-12065 affects the haotian-liu/llava project (commit c121f04). The vulnerability is a local file inclusion caused by improper input validation in the Gradio-based web UI component, allowing an attacker to access arbitrary files on the server via crafted requests. The collection of connect...

7.5CVSS7.3AI score0.00873EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/03/20 10:9 a.m.79 views

CVE-2024-9309

CVE-2024-9309 is a Server-Side Request Forgery (SSRF) affecting the Controller API Server of haotian-liu/llava v1.2.0 (LLaVA-1.6). The vulnerability exists in the POST /worker_generate_stream endpoint and could allow an attacker to leverage the server’s credentials to perform unauthorized web act...

9.3CVSS9.2AI score0.00473EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.7 views

CVE-2024-9309 SSRF in POST /worker_generate_stream API endpoint in haotian-liu/llava

A Server-Side Request Forgery SSRF vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 LLaVA-1.6. This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthorized...

9.3CVSS9.2AI score0.00473EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:8 a.m.7 views

CVE-2024-12068 Server-Side Request Forgery in haotian-liu/llava

A Server-Side Request Forgery SSRF vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data that is only accessible from the server, such...

7.5CVSS7.5AI score0.00646EPSS
Exploits1References1
Rows per page
Query Builder