12 matches found
CVE-2026-13508 khoj-ai khoj Conversation Sharing api_chat.py authorization
A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...
CVE-2026-13508 khoj-ai khoj Conversation Sharing api_chat.py authorization
A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...
CVE-2026-54009 Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the...
CVE-2026-45349 Open WebUI: Broken Access Control for Completions API
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user just needs to use the API endpoint: /api/chat/completions with their own API key generated in OWUI and the Chat ID of another user to continue the conversation of the other...
CVE-2025-15514 Ollama Multi-Modal Model Image Processing NULL Pointer Dereference
Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid...
PT-2026-2320
Name of the Vulnerable Software and Affected Versions Ollama versions 0.11.5-rc0 through 0.13.5 Description Ollama contains a flaw due to insufficient validation of base64-encoded image data. Specifically, when processing image data through the /api/chat endpoint, the application does not verify...
Malicious code in langflow-api-chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0d493794349f9fd072b31947424562afcd5b86b1fd642a42cf613d4b363f5cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview langflow-api-chat is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-48030 Malicious code in langflow-api-chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0d493794349f9fd072b31947424562afcd5b86b1fd642a42cf613d4b363f5cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in api-chat-fanpage-facebook (npm)
The package api-chat-fanpage-facebook was found to contain malicious code...
MAL-2025-14638 Malicious code in api-chat-fanpage-facebook (npm)
The package api-chat-fanpage-facebook was found to contain malicious code...
MAL-2025-9146 Malicious code in @oraliepham/api-chat-fanpage-facebook (npm)
The package @oraliepham/api-chat-fanpage-facebook was found to contain malicious code...