Lucene search
K

103 matches found

Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.8 views

CVE-2024-10812 Open Redirect in binary-husky/gpt_academic

An open redirect vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...

6.1CVSS6.2AI score0.00569EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.81 views

CVE-2024-10812

CVE-2024-10812 affects binary-husky/gpt_academic (v3.83) with an open redirect via the file parameter. The Nuclei template for GPT Academic v1.3.9 confirms the issue arises from user-controlled input that redirects to attacker-controlled URLs, enabling phishing, malware distribution, and credenti...

6.1CVSS6.2AI score0.00569EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/03/20 10:9 a.m.43 views

CVE-2024-11031

Vulnerability: binary-husky/gpt_academic v3.83 has an SSRF flaw in Markdown_Translate.get_files_from_everything() exploitable via the HotReload plugin, which trusts HTTP links to fetch arbitrary hosts and can leverage the victim GPT Academic’s Gradio Web server credentials. Documented impact: una...

7.7CVSS7.5AI score0.00616EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.8 views

CVE-2024-11031 SSRF in binary-husky/gpt_academic

In version 3.83 of binary-husky/gptacademic, a Server-Side Request Forgery SSRF vulnerability exists in the MarkdownTranslate.getfilesfromeverything API. This vulnerability is exploited through the HotReloadMarkdown翻译中 plugin function, which allows downloading arbitrary web hosts by only checking...

7.7CVSS7.5AI score0.00616EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.9 views

CVE-2024-11031 SSRF in binary-husky/gpt_academic

In version 3.83 of binary-husky/gptacademic, a Server-Side Request Forgery SSRF vulnerability exists in the MarkdownTranslate.getfilesfromeverything API. This vulnerability is exploited through the HotReloadMarkdown翻译中 plugin function, which allows downloading arbitrary web hosts by only checking...

7.7CVSS0.00616EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:8 a.m.48 views

CVE-2024-11037

CVE-2024-11037 affects binary-husky/gpt_academic. A path traversal flaw at commit 679352d allows bypassing blocked_paths and reading config.py containing sensitive data (e.g., OpenAI API key). Exploitation is described as Windows-specific via a URL containing the project’s absolute path. No mitig...

6.5CVSS6.3AI score0.00969EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:8 a.m.6 views

CVE-2024-11037 Path Traversal in binary-husky/gpt_academic

A path traversal vulnerability exists in binary-husky/gptacademic at commit 679352d, which allows an attacker to bypass the blockedpaths protection and read the config.py file containing sensitive information such as the OpenAI API key. This vulnerability is exploitable on Windows operating syste...

6.5CVSS0.00969EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:8 a.m.6 views

CVE-2024-11037 Path Traversal in binary-husky/gpt_academic

A path traversal vulnerability exists in binary-husky/gptacademic at commit 679352d, which allows an attacker to bypass the blockedpaths protection and read the config.py file containing sensitive information such as the OpenAI API key. This vulnerability is exploitable on Windows operating syste...

6.5CVSS6.3AI score0.00969EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.5 views

PT-2025-12065 · Unknown · Binary-Husky/Gpt Academic

Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version 3.83 Description: An open redirect issue exists, allowing attackers to exploit user-controlled input in the file parameter for malicious purposes, such as phishing, malware distribution, and credential theft...

6.1CVSS6.1AI score0.00569EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.6 views

PT-2025-12133 · Unknown +1 · Binary-Husky/Gpt Academic +1

Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version git 310122f Description: A vulnerability in binary-husky/gpt academic allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python...

8.8CVSS9.1AI score0.01478EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.7 views

PT-2025-12090 · Unknown · Binary-Husky/Gpt Academic

Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version 3.83 Description: A Denial of Service DoS vulnerability exists in the file upload feature due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this b...

6.5CVSS6.3AI score0.00671EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.5 views

PT-2025-12082 · Unknown · Binary-Husky/Gpt Academic

Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic affected versions not specified Description: A vulnerability in the upload function allows any user to read arbitrary files on the system, including sensitive files such as config.py. An attacker can exploit this iss...

6.5CVSS6.3AI score0.00772EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.6 views

PT-2025-12132 · Unknown +1 · Binary-Husky/Gpt Academic +1

Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version git 310122f Description: A path traversal vulnerability exists in the application. The application extracts user-provided 7z files without proper validation. The Python py7zr package used for extraction does...

8.8CVSS8.8AI score0.01478EPSS
Exploits1References6
NVD
NVD
added 2024/10/17 7:15 p.m.21 views

CVE-2024-10100

A path traversal vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

7.5CVSS0.00612EPSS
Exploits1References1
OSV
OSV
added 2024/10/17 7:15 p.m.2 views

CVE-2024-10101

A stored cross-site scripting XSS vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...

5.4CVSS5.3AI score
Exploits0References1
OSV
OSV
added 2024/10/17 7:15 p.m.4 views

CVE-2024-10100

A path traversal vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

7.5CVSS6.7AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/17 6:12 p.m.9 views

CVE-2024-10101 Stored XSS in binary-husky/gpt_academic

A stored cross-site scripting XSS vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...

5.4CVSS5.1AI score0.00323EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/17 6:12 p.m.11 views

CVE-2024-10101 Stored XSS in binary-husky/gpt_academic

A stored cross-site scripting XSS vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...

5.4CVSS0.00323EPSS
Exploits1References1
CVE
CVE
added 2024/10/17 6:12 p.m.46 views

CVE-2024-10101

CVE-2024-10101 concerns a stored XSS in binary-husky/gpt_academic v3.83, occurring at the /file endpoint which renders HTML files. Malicious HTML uploads stored on the backend can trigger payload execution in a victim’s browser when the file is accessed, potentially exposing session cookies or ot...

5.4CVSS5.3AI score0.00323EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/10/17 6:12 p.m.19 views

CVE-2024-10100 Path Traversal in binary-husky/gpt_academic

A path traversal vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

6.5CVSS0.00612EPSS
Exploits1References1
Rows per page
Query Builder