
121 matches found

CNNVD
added 2024/07/06 12:0 a.m. | 1 view

LocalAI Code Issues Vulnerabilities

LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A code issue vulnerability exists in LocalAI version 2.15.0, which stems from a cross-site request forgery and local file inclusion vulnerability in the /models/apply API...

CVSS 5.8 | AI score 6.8 | EPSS 0.86379
Exploits: 1 | References: 3

OSV
added 2024/06/28 3:28 p.m. | 16 views

GO-2024-2938 LocalAI path traversal vulnerability in github.com/go-skynet/LocalAI

LocalAI path traversal vulnerability in github.com/go-skynet/LocalAI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest...

CVSS 9.1 | AI score 8.3 | EPSS 0.02492
Exploits: 1 | References: 4

NVD
added 2024/06/26 3:15 a.m. | 14 views

CVE-2024-5181

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...

CVSS 9.8 | EPSS 0.01048
Exploits: 1 | References: 2

OSV
added 2024/06/26 3:15 a.m. | 10 views

CVE-2024-5181

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...

CVSS 9.8 | AI score 7.6
Exploits: 0 | References: 2

CVE
added 2024/06/26 2:53 a.m. | 55 views

CVE-2024-5181

CVE-2024-5181 – mudler/localai (v2.14.0) : A command injection flaw arises from how the backend parameter in the configuration file is used to name the initialized process, enabling an attacker to manipulate the path of the vulnerable binary and execute arbitrary code. The issue stems from improp...

CVSS 9.8 | AI score 9.7 | EPSS 0.01048
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/06/26 2:53 a.m. | 12 views

CVE-2024-5181 Command Injection in mudler/localai

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...

CVSS 9.8 | AI score 7.7 | EPSS 0.01048
Exploits: 1 | References: 2

Cvelist
added 2024/06/26 2:53 a.m. | 16 views

CVE-2024-5181 Command Injection in mudler/localai

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...

CVSS 9.8 | EPSS 0.01048
Exploits: 1 | References: 2

CNNVD
added 2024/06/26 12:0 a.m. | 2 views

LocalAI Operating System Command Injection Vulnerability

LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. An OS command injection vulnerability exists in localai version 2.14.0, which stems from improper neutralization of special elements used in OS commands, allowing an attacker to execute arbitrar...

CVSS 9.8 | AI score 8.3 | EPSS 0.01048
Exploits: 1 | References: 3

OSV
added 2024/06/20 12:30 a.m. | 11 views

GHSA-CPCX-R2GQ-X893 LocalAI path traversal vulnerability

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

CVSS 8.7 | AI score 8.3 | EPSS 0.02492
Exploits: 1 | References: 4

GitHub Security Blog
added 2024/06/20 12:30 a.m. | 14 views

LocalAI path traversal vulnerability

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

CVSS 9.1 | AI score 6.8 | EPSS 0.02492
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2024/06/20 12:15 a.m. | 16 views

CVE-2024-5182

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

CVSS 9.1 | AI score 6.7
Exploits: 0 | References: 2

NVD
added 2024/06/20 12:15 a.m. | 13 views

CVE-2024-5182

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

CVSS 9.1 | EPSS 0.02492
Exploits: 1 | References: 2

Cvelist
added 2024/06/19 11:30 p.m. | 18 views

CVE-2024-5182 Path Traversal in mudler/localai

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

CVSS 7.5 | EPSS 0.02492
Exploits: 1 | References: 2

Vulnrichment
added 2024/06/19 11:30 p.m. | 14 views

CVE-2024-5182 Path Traversal in mudler/localai

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

CVSS 7.5 | AI score 6.8 | EPSS 0.02492
Exploits: 1 | References: 2

CVE
added 2024/06/19 11:30 p.m. | 47 views

CVE-2024-5182

CVE-2024-5182 describes a path traversal vulnerability in mudler/localai 2.14.0 where an attacker can exploit a manipulated model parameter during the model deletion process to delete arbitrary files. The issue arises from insufficient input validation and sanitization of the m...

CVSS 9.1 | AI score 8.3 | EPSS 0.02492
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2024/06/19 12:0 a.m. | 3 views

PT-2024-34946 · Go Skynet · Localai

Name of the Vulnerable Software and Affected Versions:
mudler/localai version 2.14.0
github.com/go-skynet/LocalAI before v2.16.0

Description: A path traversal vulnerability exists, allowing an attacker to exploit the model parameter during the model deletion process to delete arbitrary files. By...

CVSS 9.1 | AI score 7.7 | EPSS 0.02492
Exploits: 1 | References: 10

CNNVD
added 2024/06/19 12:0 a.m. | 1 view

LocalAI Path Traversal Vulnerability

LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A path traversal vulnerability exists in LocalAI version 2.14.0 that could allow an attacker to utilize the model parameter durin...

CVSS 9.1 | AI score 6.8 | EPSS 0.02492
Exploits: 1 | References: 4

OSV
added 2024/06/05 3:10 p.m. | 9 views

GO-2024-2717 LocalAI Command Injection in audioToWav in github.com/go-skynet/LocalAI

LocalAI Command Injection in audioToWav in github.com/go-skynet/LocalAI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

CVSS 9.8 | AI score 9.6 | EPSS 0.01829
Exploits: 1 | References: 4

OSV
added 2024/06/05 3:10 p.m. | 9 views

GO-2024-2705 LocalAI cross-site request forgery vulnerability in github.com/go-skynet/LocalAI

LocalAI cross-site request forgery vulnerability in github.com/go-skynet/LocalAI...

CVSS 6.5 | AI score 6.4 | EPSS 0.00112
Exploits: 1 | References: 3

GitHub Security Blog
added 2024/04/10 6:30 p.m. | 20 views

LocalAI Command Injection in audioToWav

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

CVSS 9.8 | AI score 8.1 | EPSS 0.01829
Exploits: 1 | References: 4 | Affected Software: 1