Lucene search
K

16 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7014

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00846EPSS
Exploits1References2
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-11039

A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...

8.8CVSS0.01837EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.8 views

CVE-2024-12392 Server-Side Request Forgery (SSRF) in binary-husky/gpt_academic

A Server-Side Request Forgery SSRF vulnerability exists in binary-husky/gptacademic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL,...

6.5CVSS0.00561EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.5 views

CVE-2024-12387 Improper Input Validation in binary-husky/gpt_academic

A vulnerability in the binary-husky/gptacademic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This iss...

6.5CVSS6.4AI score0.00671EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.6 views

CVE-2024-10714 Denial of Service in binary-husky/gpt_academic

A vulnerability in binary-husky/gptacademic version 3.83 allows an attacker to cause a Denial of Service DoS by adding excessive characters to the end of a multipart boundary during file upload. This results in the server continuously processing each character and displaying warnings, rendering t...

7.5CVSS7.4AI score0.00588EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.5 views

CVE-2024-12391 Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic

A vulnerability in binary-husky/gptacademic, as of commit 310122f, allows for a Regular Expression Denial of Service ReDoS attack. The function '解析项目源码(手动指定和筛选源码文件类型)' permits the execution of user-provided regular expressions. Certain regular expressions can cause the Python RE engine to take...

6.5CVSS6.6AI score0.00846EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.44 views

CVE-2024-12388

CVE-2024-12388 concerns a Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic (version 310122f). The vulnerability arises from a regex used to parse user input, whose matching time can grow polynomially for crafted inputs, potentially rendering the server unresponsive and un...

6.5CVSS6.4AI score0.00671EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.7 views

CVE-2024-11039 Deserialization of Untrusted Data in binary-husky/gpt_academic

A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...

8.8CVSS0.01837EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.8 views

CVE-2024-10812 Open Redirect in binary-husky/gpt_academic

An open redirect vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...

6.1CVSS6.2AI score0.00574EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.10 views

CVE-2024-11031 SSRF in binary-husky/gpt_academic

In version 3.83 of binary-husky/gptacademic, a Server-Side Request Forgery SSRF vulnerability exists in the MarkdownTranslate.getfilesfromeverything API. This vulnerability is exploited through the HotReloadMarkdown翻译中 plugin function, which allows downloading arbitrary web hosts by only checking...

7.7CVSS0.00616EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:8 a.m.6 views

CVE-2024-11037 Path Traversal in binary-husky/gpt_academic

A path traversal vulnerability exists in binary-husky/gptacademic at commit 679352d, which allows an attacker to bypass the blockedpaths protection and read the config.py file containing sensitive information such as the OpenAI API key. This vulnerability is exploitable on Windows operating syste...

6.5CVSS6.3AI score0.00969EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.6 views

PT-2025-12133 · Unknown +1 · Binary-Husky/Gpt Academic +1

Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version git 310122f Description: A vulnerability in binary-husky/gpt academic allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python...

8.8CVSS9.1AI score0.01478EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.6 views

PT-2025-12132 · Unknown +1 · Binary-Husky/Gpt Academic +1

Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version git 310122f Description: A path traversal vulnerability exists in the application. The application extracts user-provided 7z files without proper validation. The Python py7zr package used for extraction does...

8.8CVSS8.8AI score0.01478EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.5 views

PT-2025-12082 · Unknown · Binary-Husky/Gpt Academic

Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic affected versions not specified Description: A vulnerability in the upload function allows any user to read arbitrary files on the system, including sensitive files such as config.py. An attacker can exploit this iss...

6.5CVSS6.3AI score0.00772EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.8 views

PT-2025-12090 · Unknown · Binary-Husky/Gpt Academic

Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version 3.83 Description: A Denial of Service DoS vulnerability exists in the file upload feature due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this b...

6.5CVSS6.3AI score0.00671EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.4 views

PT-2024-16028 · Unknown · Binary-Husky/Gpt Academic

Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version 3.83 Description: A stored cross-site scripting XSS vulnerability exists in the software. The vulnerability occurs at the "/file" endpoint, which renders HTML files. Malicious HTML files containing XSS payloa...

5.4CVSS5.4AI score0.00323EPSS
Exploits1References8
Rows per page
Query Builder