31 matches found
EUVD-2024-44430
Malicious code in bioql PyPI...
EUVD-2025-6981
Malicious code in bioql PyPI...
CVE-2024-6229
A stored cross-site scripting XSS vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever an...
Denial Of Service (DoS)
quivr-core is vulnerable to Denial Of Service DoS. The vulnerability is due to improper request handling due to the file upload feature allowing unauthenticated attackers to append characters to a multipart boundary in an HTTP request, causing excessive resource consumption and rendering the...
Quivr unauthenticated Denial of Service (DoS) via Multipart Boundary
A Denial of Service DoS vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server continuously processing ea...
GHSA-M76R-XQQJ-MQMV Quivr unauthenticated Denial of Service (DoS) via Multipart Boundary
A Denial of Service DoS vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server continuously processing ea...
CVE-2024-6583
A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request...
CVE-2024-6583
A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request...
CVE-2024-9229 Denial of Service (DoS) via Multipart Boundary in stangirard/quivr
A Denial of Service DoS vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server continuously processing ea...
CVE-2024-6583 Path Traversal in stangirard/quivr
A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request...
Quivr 资源管理错误漏洞
Quivr is an artificial intelligence application open-sourced by Quivr. A resource management error vulnerability exists in Quivr version v0.0.298, which stems from excessive resource consumption due to multi-part boundary character appending in the file upload feature, potentially leading to a...
Quivr 安全漏洞
Quivr is an artificial intelligence application open-sourced by Quivr. A security vulnerability exists in Quivr that stems from a path traversal that allows an attacker to upload a file to an arbitrary path in an S3 bucket...
CVE-2024-4851
A Server-Side Request Forgery SSRF vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs...
Cross-Site Scripting (XSS)
quivr is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of URL uploads, allowing users to insert malicious JavaScript payloads. Attackers can use this to execute JavaScript whenever any user clicks on a link containing the payload...
CVE-2024-6229
A stored cross-site scripting XSS vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever an...
CVE-2024-6229 Stored XSS in stangirard/quivr
A stored cross-site scripting XSS vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever an...
CVE-2024-6229
CVE-2024-6229 is a stored XSS vulnerability in stangirard/quivr’s Upload Knowledge feature. An attacker can upload a URL-based file containing malicious JavaScript, which is stored on the server and executed when users click the payload-containing link, potentially enabling data theft and session...
Quivr Cross-Site Scripting Vulnerability
Quivr is an Artificial Intelligence application from Quivr Open Source. A cross-site scripting vulnerability exists in Quivr that stems from a stored cross-site scripting XSS vulnerability in the Upload Knowledge feature. An attacker exploiting this vulnerability could upload a file via a URL,...
CVE-2024-5885
stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery SSRF vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain acces...
CVE-2024-5885
stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery SSRF vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain acces...