CVE-2024-32965 ssrf vulnerability in lobe-chat

Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header...

CVE-2024-32965 ssrf vulnerability in lobe-chat

Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header...

PT-2024-25012 · Openai · Openai Api

Name of the Vulnerable Software and Affected Versions: lobe-chat versions prior to 1.19.13 Description: Lobe Chat is an open-source, AI chat framework. The issue allows an attacker to construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive...

PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index PyPI repository that impersonated popular artificial intelligence AI models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer. The packages, named...

Mozilla 0Din Warns of ChatGPT Sandbox Flaws Enabling Python Execution

Mozilla's 0Din uncovers critical flaws in ChatGPT's sandbox, allowing Python code execution and access to internal configurations. OpenAI…...

CVE-2024-52377 WordPress Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin <= 1.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in bdthemes Instant Image Generator ai-image allows Upload a Web Shell to a Web Server.This issue affects Instant Image Generator: from n/a through = 1.5.2...

CVE-2024-52384 WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation plugin <= 2.4.9 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generatio...

CVE-2024-52384

The WordPress plugin Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation is vulnerable to Unrestricted Upload of File with Dangerous Type (CVE-2024-52384) up to version 2.4.9. The issue, caused by unrestricted file uploads, could allow an attacker to upload a web shell to the ...

WordPress Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin <= 1.5.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Instant Image Generator versions = 1.5.2...

WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation Plugin <= 2.4.9 is vulnerable to Arbitrary File Upload

Software Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation Type Plugin Vulnerable versions = 2.4.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52384 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID...

NuGet Package 'OpenAI' Detection

The remote host has a 'OpenAI' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

ai.optfor:spring-openai-api (>=0.1.3 <=0.3.25), ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=1.0.0 <=1.4.0) +7517 more potentially affected by CVE-2024-38820 via org.springframework:spring-context (>=6.0.0 <=6.0.23)

org.springframework:spring-context MAVEN version =6.0.0, =0.1.3, =1.0.0, =1.0.0, =0.1.6, =0.0.2, =0.0.6, =0.0.6, =1.3.0, =4.6.18, =4.0.0, =1.0.0, =2.1.0.RELEASE, =2.1.2.RELEASE and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...

THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 - Oct 13)

Hey there, it's your weekly dose of "what the heck is going on in cybersecurity land " – and trust me, you NEED to be in the loop this time. We've got everything from zero-day exploits and AI gone rogue to the FBI playing crypto kingpin – it's full of stuff they don't 🤫 want you to know. So let's...

MAL-2024-9175 Malicious code in openai-examples (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0209fe94e2a98b2966850b302c4c2dda331437ead2871a609a8677cdc85516fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in openai-examples (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0209fe94e2a98b2966850b302c4c2dda331437ead2871a609a8677cdc85516fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-9174 Malicious code in openai-bun-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 224d5cc373a08c5cb79261ea9fc3c71f16a5b2b64a3582fd82a1f624e541448d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in openai-bun-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 224d5cc373a08c5cb79261ea9fc3c71f16a5b2b64a3582fd82a1f624e541448d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview openai-bun-test is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...

Malicious Package

Overview openai-bun-test is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...

AI Pulse: What's new in AI regulations?

Fall is in the air and frameworks for mitigating AI risk are dropping like leaves onto policymakers’ desks. From California’s SB 1047 bill and NIST’s model-testing deal with OpenAI and Anthropic to REAIM’s blueprint for military AI governance, AI regulation is proving to be a hot and complicated...