CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

121 matches found

Vulnrichment•added 2025/03/20 10:11 a.m.•4 views

CVE-2024-9901

...

4AI score

Exploits0

Cvelist•added 2025/03/20 10:11 a.m.•7 views

CVE-2024-9901

...

Exploits0

Vulnrichment•added 2025/03/20 10:9 a.m.•4 views

CVE-2024-9900 Cross-Site Scripting (XSS) in mudler/localai

mudler/localai version v2.21.1 contains a Cross-Site Scripting XSS vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts...

5.4CVSS5.5AI score0.00229EPSS

Exploits1References2

Cvelist•added 2025/03/20 10:9 a.m.•9 views

CVE-2024-9900 Cross-Site Scripting (XSS) in mudler/localai

5.4CVSS0.00229EPSS

Exploits1References2

CVE•added 2025/03/20 10:9 a.m.•91 views

CVE-2024-9900

LocalAI (github.com/mudler/LocalAI) is affected by a Cross-Site Scripting (XSS) vulnerability in its search functionality. The CVE-2024-9900 entry cites v2.21.1 as vulnerable, due to improper sanitization of user input, enabling injection and execution of arbitrary JavaScript in the victim’s brow...

6.1CVSS5.5AI score0.00229EPSS

Exploits1References2Affected Software1

CNNVD•added 2025/03/20 12:0 a.m.•3 views

LocalAI 安全漏洞

LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A security vulnerability exists in LocalAI version v2.21.1, which stems from improper user input cleanup in the search function and could lead to a cross-site scripting attack...

6.1CVSS5AI score0.00229EPSS

Exploits1References2

Positive Technologies•added 2025/03/20 12:0 a.m.•5 views

PT-2025-12295 · Unknown · Mudler/Localai

Name of the Vulnerable Software and Affected Versions: mudler/localai version v2.21.1 mudler/localai versions prior to v2.22.0 Description: The issue arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the executio...

9.8CVSS7.8AI score0.91918EPSS

Exploits23References44

CNNVD•added 2025/03/20 12:0 a.m.•2 views

编号撤回

LocalAI is a free, open-source alternative to OpenAI by the individual developer Ettore Di Giacinto. This CVE number has been withdrawn...

4.7AI score

Exploits0References3

RedhatCVE•added 2025/02/05 6:38 a.m.•5 views

CVE-2024-5181

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...

9.8CVSS7.7AI score0.01048EPSS

Exploits1References1

RedhatCVE•added 2025/02/05 2:55 a.m.•12 views

CVE-2024-6983

mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the...

8.8CVSS9AI score0.04953EPSS

Exploits1References1

RedhatCVE•added 2025/02/05 2:53 a.m.•7 views

CVE-2024-6868

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

9.8CVSS9.8AI score0.00486EPSS

Exploits1References1

Veracode•added 2024/11/19 6:34 a.m.•9 views

Timing Attack

mudler/LocalAI is vulnerable to Timing Attack. The vulnerability is due to a side-channel attack that exploits variations in response time during cryptographic operations, potentially exposing valid login credentials...

7.5CVSS6.7AI score0.00263EPSS

Exploits1References2Affected Software1

SUSE CVE•added 2024/11/08 3:52 a.m.•2 views

SUSE CVE-2024-48057

localai =2.20.1 is vulnerable to Cross Site Scripting XSS. When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage...

6.1CVSS6.4AI score0.00116EPSS

Exploits1References4

OSV•added 2024/11/06 5:21 p.m.•12 views

GO-2024-3253 LocalAI Cross-site Scripting vulnerability in github.com/mudler/LocalAI

LocalAI Cross-site Scripting vulnerability in github.com/mudler/LocalAI...

6.1CVSS6.2AI score0.00116EPSS

Exploits1References5

OSV•added 2024/11/05 12:31 a.m.•7 views

GHSA-GHX4-CGXW-7H9P LocalAI Cross-site Scripting vulnerability

6.1CVSS6.2AI score0.00116EPSS

Exploits1References7

Github Security Blog•added 2024/11/05 12:31 a.m.•20 views

LocalAI Cross-site Scripting vulnerability

6.1CVSS6.3AI score0.00116EPSS

Exploits1References6Affected Software1

OSV•added 2024/11/04 11:15 p.m.•1 views

CVE-2024-48057

6.1CVSS6.4AI score

Exploits0References2

NVD•added 2024/11/04 11:15 p.m.•14 views

CVE-2024-48057

6.1CVSS0.00116EPSS

Exploits1References2

Cvelist•added 2024/11/04 12:0 a.m.•12 views

CVE-2024-48057

0.00116EPSS

Exploits1References2

Positive Technologies•added 2024/11/04 12:0 a.m.•3 views

PT-2024-32972 · Localai +1 · Localai +1

Name of the Vulnerable Software and Affected Versions: localai versions =2.20.1 Description: The issue is related to a Cross Site Scripting XSS vulnerability. When the delete model API is called with inappropriate parameters, it can cause a one-time storage XSS. This will trigger the payload when...

8.8CVSS5.6AI score0.00417EPSS

Exploits2References35

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by