CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

53 matches found

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-2025

Malicious code in bioql PyPI...

9.1CVSS7.7AI score0.02492EPSS

Exploits1References4

RedhatCVE•added 2025/05/23 10:14 a.m.•4 views

CVE-2024-6095

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery SSRF and partial Local File Inclusion LFI. The endpoint supports both https:// and file:// schemes, where the latter can lead to LFI. However, the output is limited due to the...

5.8CVSS6.4AI score0.86379EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:20 a.m.•3 views

CVE-2024-3135

A Cross-Site Request Forgery CSRF vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers ...

6.5CVSS6.6AI score0.00112EPSS

Exploits1References1

SUSE CVE•added 2025/03/29 3:36 a.m.•1 views

SUSE CVE-2024-9900

mudler/localai version v2.21.1 contains a Cross-Site Scripting XSS vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts...

6.1CVSS6.4AI score0.00229EPSS

Exploits1References3

Vulnrichment•added 2025/03/20 10:9 a.m.•4 views

CVE-2024-9900 Cross-Site Scripting (XSS) in mudler/localai

5.4CVSS5.5AI score0.00229EPSS

Exploits1References2

Cvelist•added 2025/03/20 10:9 a.m.•8 views

CVE-2024-9900 Cross-Site Scripting (XSS) in mudler/localai

5.4CVSS0.00229EPSS

Exploits1References2

CVE•added 2025/03/20 10:9 a.m.•86 views

CVE-2024-9900

LocalAI (github.com/mudler/LocalAI) is affected by a Cross-Site Scripting (XSS) vulnerability in its search functionality. The CVE-2024-9900 entry cites v2.21.1 as vulnerable, due to improper sanitization of user input, enabling injection and execution of arbitrary JavaScript in the victim’s brow...

6.1CVSS5.5AI score0.00229EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2025/03/20 12:0 a.m.•4 views

PT-2025-12295 · Unknown · Mudler/Localai

Name of the Vulnerable Software and Affected Versions: mudler/localai version v2.21.1 mudler/localai versions prior to v2.22.0 Description: The issue arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the executio...

9.8CVSS7.8AI score0.9113EPSS

Exploits23References44

RedhatCVE•added 2025/02/05 2:55 a.m.•10 views

CVE-2024-6983

mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the...

8.8CVSS9AI score0.04953EPSS

Exploits1References1

OSV•added 2024/10/29 1:15 p.m.•9 views

CVE-2024-7010

mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...

5.9CVSS7.2AI score

Exploits0References2

NVD•added 2024/10/29 1:15 p.m.•15 views

CVE-2024-7010

7.5CVSS0.00263EPSS

Exploits1References2

NVD•added 2024/10/29 1:15 p.m.•11 views

CVE-2024-6868

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

9.8CVSS0.00486EPSS

Exploits1References2

OSV•added 2024/10/29 1:15 p.m.•10 views

CVE-2024-6868

9.8CVSS7.9AI score

Exploits0References2

CVE•added 2024/10/29 12:48 p.m.•43 views

CVE-2024-7010

The CVE-2024-7010 entry concerns mudler/localai version 2.17.1 and a Timing Attack vulnerability in password handling that leaks credentials by measuring cryptographic operation timing. This is a network-accessible side-channel issue with reported confidentiality impact, and multiple sources (NVD...

7.5CVSS6.8AI score0.00263EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2024/10/29 12:48 p.m.•16 views

CVE-2024-7010 Timing Attack in mudler/localai

7.5CVSS7.4AI score0.00263EPSS

Exploits1References2

Cvelist•added 2024/10/29 12:48 p.m.•15 views

CVE-2024-7010 Timing Attack in mudler/localai

7.5CVSS0.00263EPSS

Exploits1References2

Vulnrichment•added 2024/10/29 12:46 p.m.•13 views

CVE-2024-6868 Arbitrary File Write in mudler/LocalAI

8.1CVSS8.2AI score0.00486EPSS

Exploits1References2

CVE•added 2024/10/29 12:46 p.m.•42 views

CVE-2024-6868

CVE-2024-6868 affects mudler/LocalAI (version 2.17.1). The issue is improper handling of automatic archive extraction when model configurations specify archives (for example, .tar), causing archives to be extracted after download and enabling a potentially destructive “tarslip” that can write fil...

9.8CVSS8.5AI score0.00486EPSS

Exploits1References2Affected Software1

Cvelist•added 2024/10/29 12:46 p.m.•20 views

CVE-2024-6868 Arbitrary File Write in mudler/LocalAI

8.1CVSS0.00486EPSS

Exploits1References2

Positive Technologies•added 2024/10/29 12:0 a.m.•1 views

PT-2024-37915 · Unknown · Mudler/Localai

Name of the Vulnerable Software and Affected Versions: mudler/LocalAI version 2.17.1 Description: The issue arises from improper handling of automatic archive extraction in model configurations. When archives e.g., .tar are specified, they are automatically extracted after downloading, potentiall...

9.8CVSS8.7AI score0.00486EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by