Lucene search
+L

28 matches found

CNNVD
CNNVD
added 2026/01/30 12:0 a.m.8 views

LobeHub security vulnerability

LobeHub is an open-source AI dialogue framework developed by LobeHub. Versions of LobeHub prior to 1.143.3 contained security vulnerabilities. These vulnerabilities stemmed from the file upload feature not verifying the integrity of requests and allowing manipulation of the file size parameter...

7.2CVSS5.8AI score0.0033EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/19 5:49 p.m.3 views

Access Control Bypass

Overview @lobehub/lobehub is a LobeHub - an open-source,comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...

6.3CVSS5.6AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/18 11:48 p.m.8 views

Arbitrary Code Injection

Overview @lobehub/lobehub is a LobeHub - an open-source,comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...

9.1CVSS6.2AI score0.00123EPSS
Exploits0References2
Veracode
Veracode
added 2025/11/03 3:5 p.m.5 views

Cross-site Scripting (XSS)

@lobehub/cha is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to unsafe SVG rendering due to SVGRenderer using dangerouslySetInnerHTML for image/svg+xml lobeArtifact content. An attacker can inject malicious SVGs via chat messages...

7.7CVSS6.1AI score0.00371EPSS
Exploits1References2Affected Software1
Circl
Circl
added 2025/10/17 9:26 a.m.14 views

CVE-2025-62505

creationtimestamp| type| source ---|---|--- 2025-10-17 09:26:18+00:00| published-proof-of-concept| https://github.com/lobehub/lobehub/security/advisories/GHSA-fgx4-p8xf-qhp9...

3CVSS5.8AI score0.003EPSS
Exploits0References1
Circl
Circl
added 2025/09/18 2:23 p.m.9 views

CVE-2025-59417

creationtimestamp| type| source ---|---|--- 2025-09-18 14:23:53+00:00| published-proof-of-concept| https://github.com/lobehub/lobehub/security/advisories/GHSA-m79r-r765-5f9j...

7.7CVSS5.8AI score0.00371EPSS
Exploits1References1
Circl
Circl
added 2024/05/10 6:13 a.m.7 views

CVE-2024-32964

creationtimestamp| type| source ---|---|--- 2024-05-10 06:13:02+00:00| published-proof-of-concept| https://github.com/lobehub/lobehub/security/advisories/GHSA-mxhq-xw3g-rphc...

9CVSS7.3AI score0.52683EPSS
Exploits2References1
OSV
OSV
added 2024/01/31 6:4 p.m.84 views

GHSA-PF55-FJ96-XF37 @lobehub/chat vulnerable to unauthorized access to plugins

Description: When the application is password-protected deployed with the ACCESSCODE option, it is possible to access plugins without proper authorization without password. Proof-of-Concept: Let’s suppose that application has been deployed with following command: sudo docker run -d -p 3210:3210 -...

5.3CVSS5.1AI score0.00482EPSS
Exploits1References4
Rows per page
Query Builder