213 matches found

CVE
added 2025/03/20 10:11 a.m., 46 views

CVE-2024-10955

Vulnerability summary (CVE-2024-10955): A ReDoS flaw exists in the gaizhenbiao/chuanhuchatgpt server, caused by input parsing with the regex pattern ]+>. In Python's regex engine this pattern can degenerate to polynomial time on crafted inputs, enabling an attacker to upload a malicious JSON payload t...

CVSS 6.5 · AI score 6.8 · EPSS 0.00319
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2025/03/20 10:09 a.m., 8 views

CVE-2024-8249 Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm

mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API endpoint, causing a server crash due to an...

CVSS 7.5 · EPSS 0.00491
Exploits 1 · References 2

OSV
added 2025/03/19 7:02 p.m., 2 views

CVE-2025-27415 Nuxt allows DOS via cache poisoning with payload rendering response

Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache, which severely impacts the availability of a site. It is possible to craft a request, such as...

CVSS 7.5 · AI score 6.6 · EPSS 0.00262
Exploits 0 · References 3

Tenable Nessus
added 2025/03/05 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-6267

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in the JSON payload. If annotation-based security is used to secure a REST resource, the JSON body that the resource may consume is being...

CVSS 9.8 · AI score 6.8 · EPSS 0.00673
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 11:52 p.m., 7 views

CVE-2022-41875

A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code on the attacked system running Optica via specially crafted JSON payloads. The vulnerability was patched in v...

CVSS 10 · AI score 8.5 · EPSS 0.15112
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 10:01 a.m., 9 views

CVE-2024-3029

In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. This triggers an error that is caught by a catch block, which in turn deletes all users and disables the 'multiusermode'. The...

CVSS 9 · AI score 6.7 · EPSS 0.00206
Exploits 1 · References 1

Packet Storm
added 2024/10/11 12:00 a.m., 289 views

ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control

ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building...

AI score 7.4
Exploits 0

0day.today
added 2024/10/11 12:00 a.m., 201 views

ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control Vulnerability

ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper...

AI score 7.5
Exploits 0

NVD
added 2024/07/22 6:15 p.m., 22 views

CVE-2024-40634

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to...

CVSS 7.5 · EPSS 0.02608
Exploits 1 · References 4

CVE
added 2024/07/22 5:22 p.m., 342 views

CVE-2024-40634

CVE-2024-40634 describes an unauthenticated denial-of-service in Argo CD via a crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation and potential OOM. Affected product: Argo CD (GitOps for Kubernetes); attack vector is network, no privileges required, no us...

CVSS 7.5 · AI score 7.5 · EPSS 0.02608
Exploits 1 · References 4 · Affected Software 1

OSV
added 2024/07/22 5:20 p.m., 24 views

GHSA-JMVP-698C-4X3W Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint

Summary: This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to service disruption by triggering an Out Of Memory (OOM) kill. The issue...

CVSS 8.7 · AI score 7.4 · EPSS 0.02608
Exploits 1 · References 7
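
The three Argo CD entries above describe the same failure: a webhook receiver buffers the whole request body before doing anything with it, so one oversized JSON payload drives the process into an OOM kill. The following is an added example, not Argo CD's code, showing the unbounded pattern beside a bounded reader that rejects on the declared Content-Length, stops at the first chunk that crosses the cap, and only then parses. The 1 MiB limit, the function names and the chunk-array stand-in for a request stream are assumptions made for the illustration.

```javascript
// Added illustration of the mitigation for the Argo CD /api/webhook issue
// (CVE-2024-40634). Constructed example, not Argo CD's own code; the limit,
// the function names and the chunk-array stand-in for a stream are assumptions.

const MAX_BODY_BYTES = 1024 * 1024; // assumed cap; size it to the largest legitimate webhook

// Vulnerable pattern: concatenate every chunk, then parse. Memory grows with
// whatever the client sends, and a parse error (if any) arrives far too late.
function readWebhookUnbounded(chunks) {
  const body = Buffer.concat(chunks);
  return { ok: true, payload: JSON.parse(body.toString('utf8')), bytes: body.length };
}

// Hardened pattern:
//  1. reject up front when the declared Content-Length already exceeds the cap,
//  2. count bytes as chunks arrive and stop at the first chunk that crosses it,
//     so at most MAX_BODY_BYTES plus one chunk is ever held,
//  3. only then decode and parse, mapping parse failures to a 400.
function readWebhookBounded(chunks, headers = {}, maxBytes = MAX_BODY_BYTES) {
  const declared = Number(headers['content-length']);
  if (Number.isFinite(declared) && declared > maxBytes) {
    return { ok: false, status: 413, error: 'declared body too large' };
  }
  const kept = [];
  let total = 0;
  for (const chunk of chunks) {
    total += chunk.length;
    if (total > maxBytes) {
      // In a real server: answer 413 and destroy the socket so the client
      // cannot keep streaming; nothing past this point is retained.
      return { ok: false, status: 413, error: 'body exceeds limit', bytesRead: total };
    }
    kept.push(chunk);
  }
  let payload;
  try {
    payload = JSON.parse(Buffer.concat(kept).toString('utf8'));
  } catch (e) {
    return { ok: false, status: 400, error: 'invalid JSON' };
  }
  return { ok: true, status: 200, payload, bytes: total };
}

// Constructed inputs: a small legitimate push-style event, and an oversized
// body made of 64 KiB JSON fragments repeated past the cap.
function sampleSmallEvent() {
  const event = { ref: 'refs/heads/main', repository: { clone_url: 'https://example.invalid/repo.git' } };
  return [Buffer.from(JSON.stringify(event))];
}
function sampleOversizedEvent(chunkBytes = 64 * 1024, chunks = 20) {
  const filler = '{"pad":"' + 'A'.repeat(chunkBytes) + '"}';
  return Array.from({ length: chunks }, () => Buffer.from(filler));
}
```

The Content-Length check alone is not enough (a chunked request has no declared length), and checking size after `Buffer.concat` is too late; the per-chunk counter is what keeps peak memory bounded regardless of what the client declares.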

CNNVD
added 2024/05/16 12:00 a.m., 2 views

LoLLMs Security Vulnerabilities

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to 9.5, which stems from insufficient sanitization of the config parameter in the /applysettings function, allowing an attacker to manipulate...

CVSS 8.4 · AI score 6.7 · EPSS 0.00586
Exploits 1 · References 3

Github Security Blog
added 2024/05/02 6:30 p.m., 31 views

pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload

pgAdmin = 8.5 is affected by an XSS vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers to execute malicious script on the client side...

CVSS 7.4 · AI score 7 · EPSS 0.0021
Exploits 1 · References 5 · Affected Software 1

Vulnrichment
added 2024/05/02 5:42 p.m., 27 views

CVE-2024-4216 XSS vulnerability in /settings/store API response json payload in pgAdmin 4

pgAdmin = 8.5 is affected by an XSS vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers to execute malicious script on the client side...

CVSS 7.4 · AI score 6.1 · EPSS 0.0021
Exploits 1 · References 2
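
The two pgAdmin entries above name the bug class only: a value carried in an API's JSON response reaches the page unescaped and runs as script. The following is an added example, not pgAdmin's code, of the general pattern: a JSON field concatenated straight into markup beside the escaped version, and the separate case of JSON embedded inside an inline script block, where HTML escaping is the wrong tool. The response shape, the setting name and the helper names are assumptions.

```javascript
// Added illustration of XSS via an API response JSON payload, the class of
// bug named in the pgAdmin entries. Constructed example, not pgAdmin's code;
// the response shape, setting name and helper names are assumptions.

// Constructed stand-in for a settings-style API response whose stored value
// is attacker-controlled.
const SAMPLE_RESPONSE = JSON.stringify({
  name: 'theme',
  value: '</script><img src=x onerror="alert(1)">',
});

// Vulnerable: a JSON field concatenated straight into markup (the same bug as
// assigning it to innerHTML in the browser).
function renderSettingVulnerable(responseJson) {
  const { name, value } = JSON.parse(responseJson);
  return `<li>${name}: ${value}</li>`;
}

// Escape for an HTML text or attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Safe: escape each field for the context it lands in. In browser code the
// equivalent is textContent / setAttribute rather than innerHTML.
function renderSettingSafe(responseJson) {
  const { name, value } = JSON.parse(responseJson);
  return `<li>${escapeHtml(name)}: ${escapeHtml(value)}</li>`;
}

// When the JSON itself is embedded in an inline <script> block, HTML escaping
// would corrupt it: JSON.stringify leaves '<' intact, so a value containing
// "</script>" closes the block early. Escaping the HTML-significant characters
// as JSON \u sequences keeps the output valid JSON and never forms a tag.
function jsonForScript(obj) {
  return JSON.stringify(obj)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026');
}
```

The two escapers are not interchangeable: `escapeHtml` output is not valid JSON, and `jsonForScript` output is still live markup if dropped into an HTML text context. Pick the one matching where the response value ends up.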

NVD
added 2024/04/16 12:15 a.m., 5 views

CVE-2024-3029

In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. This triggers an error that is caught by a catch block, which in turn deletes all users and disables the 'multiusermode'. The...

CVSS 9 · AI score 9 · EPSS 0.00206
Exploits 1 · References 2

OSV
added 2024/04/16 12:15 a.m., 19 views

CVE-2024-3029

In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. This triggers an error that is caught by a catch block, which in turn deletes all users and disables the 'multiusermode'. The...

CVSS 8 · AI score 6.7
Exploits 0 · References 2

Vulnrichment
added 2024/04/16 12:00 a.m., 7 views

CVE-2024-3029 Improper Input Validation in mintplex-labs/anything-llm

In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. This triggers an error that is caught by a catch block, which in turn deletes all users and disables the 'multiusermode'. The...

CVSS 9 · AI score 6.8 · EPSS 0.00206
Exploits 1 · References 2

CVE
added 2024/04/16 12:00 a.m., 54 views

CVE-2024-3029

The CVE-2024-3029 issue affects mintplex-labs/anything-llm. A malformed JSON payload to /system/enable-multi-user triggers an error caught by a catch block that deletes all users and disables multi_user_mode, potentially allowing an attacker to remove existing users and create a new admin without...

CVSS 9 · AI score 8.8 · EPSS 0.00206
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2024/04/16 12:00 a.m., 12 views

CVE-2024-3029 Improper Input Validation in mintplex-labs/anything-llm

In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. This triggers an error that is caught by a catch block, which in turn deletes all users and disables the 'multiusermode'. The...

CVSS 9 · AI score 9.1 · EPSS 0.00206
Exploits 1 · References 2

Positive Technologies
added 2024/04/15 12:00 a.m., 2 views

PT-2024-23314 · Mintplex · Anything-Llm

Name of the vulnerable software and affected versions: anything-llm (affected versions not specified). Description: The application is susceptible to a flaw due to improper input validation. An attacker can exploit this by sending a malformed JSON payload to the /system/enable-multi-user endpoint...

CVSS 9 · AI score 8.9 · EPSS 0.00206
Exploits 1 · References 7
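
Every CVE-2024-3029 entry on this page describes the same mechanism: a malformed JSON body raises inside a try block, and the catch block "cleans up" by deleting all users and turning multi-user mode off, so an unauthenticated parse error becomes a privilege reset. The following is an added example, not anything-llm's code, that reproduces that anti-pattern on an in-memory stand-in and places the hardened handler beside it: parse and validate before any state is touched, answer bad input with a 400 and no side effects, and refuse to re-run the bootstrap once an admin exists. The state shape, handler names and request fields are assumptions.

```javascript
// Added illustration of the failure pattern described for CVE-2024-3029.
// Constructed example, not anything-llm's own source; the in-memory state,
// handler names and request shape are assumptions.

// Constructed stand-in for the application's user table and settings.
function makeState() {
  return {
    users: [{ id: 1, username: 'admin', role: 'admin' }],
    multiUserMode: true,
  };
}

// Vulnerable pattern: body parsing, validation and the privileged change share
// one try block, and the catch "rolls back" by deleting everything. A body
// that fails JSON.parse never reaches validation but still lands in the catch,
// and so does a well-formed body that merely fails validation.
function enableMultiUserVulnerable(state, rawBody) {
  try {
    const body = JSON.parse(rawBody);
    if (typeof body.username !== 'string' || typeof body.password !== 'string') {
      throw new Error('username and password required');
    }
    state.users.push({ id: state.users.length + 1, username: body.username, role: 'admin' });
    state.multiUserMode = true;
    return { ok: true, status: 200 };
  } catch (e) {
    // Destructive cleanup on *any* error: this is the bug.
    state.users = [];
    state.multiUserMode = false;
    return { ok: false, status: 500, error: e.message };
  }
}

// Hardened pattern: parse and validate first, with no state mutation on the
// error paths; the bootstrap step is only allowed when no admin exists yet.
// A real implementation would wrap the mutation in a database transaction.
function enableMultiUserHardened(state, rawBody) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch (e) {
    return { ok: false, status: 400, error: 'invalid JSON body' };
  }
  if (!body || typeof body !== 'object' ||
      typeof body.username !== 'string' || typeof body.password !== 'string') {
    return { ok: false, status: 400, error: 'username and password required' };
  }
  if (state.multiUserMode && state.users.length > 0) {
    return { ok: false, status: 409, error: 'multi-user mode already enabled' };
  }
  state.users.push({ id: state.users.length + 1, username: body.username, role: 'admin' });
  state.multiUserMode = true;
  return { ok: true, status: 200 };
}
```

The general rule the hardened handler follows: a catch block that undoes work must undo only the work of its own try, and request validation belongs before, not inside, the block that performs privileged changes.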