Lucene search
K

12 matches found

Cvelist
Cvelist
added 2026/06/28 9:45 p.m.32 views

CVE-2026-13508 khoj-ai khoj Conversation Sharing api_chat.py authorization

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...

6.5CVSS0.00165EPSS
Exploits0References7
OSV
OSV
added 2026/06/28 9:45 p.m.4 views

CVE-2026-13508 khoj-ai khoj Conversation Sharing api_chat.py authorization

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...

5.1CVSS5.7AI score0.00165EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/23 4:49 p.m.49 views

CVE-2026-54009 Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the...

6.5CVSS0.00225EPSS
Exploits1References1
OSV
OSV
added 2026/05/15 7:20 p.m.3 views

CVE-2026-45349 Open WebUI: Broken Access Control for Completions API

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a user just needs to use the API endpoint: /api/chat/completions with their own API key generated in OWUI and the Chat ID of another user to continue the conversation of the other...

7.1CVSS7AI score0.00231EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/12 11:3 p.m.25 views

CVE-2025-15514 Ollama Multi-Modal Model Image Processing NULL Pointer Dereference

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid...

8.7CVSS0.00698EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.32 views

PT-2026-2320

Name of the Vulnerable Software and Affected Versions Ollama versions 0.11.5-rc0 through 0.13.5 Description Ollama contains a flaw due to insufficient validation of base64-encoded image data. Specifically, when processing image data through the /api/chat endpoint, the application does not verify...

8.7CVSS6.8AI score0.00698EPSS
Exploits1References12
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/08 12:37 a.m.5 views

Malicious code in langflow-api-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0d493794349f9fd072b31947424562afcd5b86b1fd642a42cf613d4b363f5cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2025/10/08 12:37 a.m.4 views

Malicious Package

Overview langflow-api-chat is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2025/10/08 12:37 a.m.9 views

MAL-2025-48030 Malicious code in langflow-api-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0d493794349f9fd072b31947424562afcd5b86b1fd642a42cf613d4b363f5cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in api-chat-fanpage-facebook (npm)

The package api-chat-fanpage-facebook was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-14638 Malicious code in api-chat-fanpage-facebook (npm)

The package api-chat-fanpage-facebook was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-9146 Malicious code in @oraliepham/api-chat-fanpage-facebook (npm)

The package @oraliepham/api-chat-fanpage-facebook was found to contain malicious code...

7.2AI score
Exploits0
Rows per page
Query Builder