CVE-2024-24566 Lobe Chat unauthorized access to plugins

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected deployed with the ACCESSCODE option, it is possible to access plugins without proper authorization without password. This vulnerabili...

Command Execution Vulnerability in Cloud Calling System of Xiamen Sanshouxin Network Technology Co.

Xiamen Sanshouxin Network Technology Co., Ltd. is mainly engaged in call center seats, systems, equipment, line integration services, is now mainly engaged in the rental and sale of call centers, outsourcing companies, communication networks on behalf of the construction of the business. Xiamen...

SQL Injection Vulnerability in Letter Call OA System (CNVD-2019-23864)

Xinhuo Co-operation Office System is an open source and cross-platform office system. SQL injection vulnerability exists in Xinhao OA system, which can be exploited by attackers to obtain sensitive information from the database...

SQL Injection Vulnerability in Uni Call Calling System

Uni Call Customer Service Edition is a professional software application platform designed for inbound customer service centers. A SQL injection vulnerability exists in the Uni Call call system. The lack of filtering of the /uncalllib/index.php parameter allows attackers to exploit the...