31 matches found

EUVD
Added 6 days ago, 5 views

EUVD-2026-33332

OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...

CVSS 8.7 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 2
CNNVD
Added 2026/05/28 12:00 a.m., 4 views

AnythingLLM Parameter Injection Vulnerability

AnythingLLM is an open-source integrated AI application by Mintplex. Versions of AnythingLLM prior to 1.13.0 had a parameter injection vulnerability. This vulnerability stemmed from the filesystem-search-files proxy skill directly passing mode parameters controlled by the LLM as position paramete...

CVSS 8.8 | AI score 6.1 | EPSS 0.00058
Exploits 1 | References 3
NVD
Added 2026/05/15 10:16 p.m., 8 views

CVE-2026-45315

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

CVSS 8.7 | EPSS 0.00006
Exploits 1 | References 1
NVD
Added 2026/04/16 1:16 a.m., 0 views

CVE-2026-40502

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...

CVSS 8.8 | EPSS 0.01042
Exploits 1 | References 3
Cvelist
Added 2026/04/16 12:08 a.m., 31 views

CVE-2026-40502 OpenHarness Remote Administrative Command Injection via Gateway Handler

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...

CVSS 8.8 | EPSS 0.01042
Exploits 1 | References 3
Vulnrichment
Added 2026/04/16 12:08 a.m., 0 views

CVE-2026-40502 OpenHarness Remote Administrative Command Injection via Gateway Handler

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...

CVSS 8.8 | AI score 6 | EPSS 0.01042
Exploits 1 | References 3
EUVD
Added 2026/04/16 12:08 a.m., 0 views

EUVD-2026-23143

OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...

CVSS 7.1 | AI score 5.9 | EPSS 0.00015
Exploits 1 | References 3
Cvelist
Added 2026/04/16 12:08 a.m., 22 views

CVE-2026-40503 OpenHarness Path Traversal Information Disclosure via /memory show

OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...

CVSS 7.1 | EPSS 0.00015
Exploits 1 | References 3
ATTACKERKB
Added 2026/04/16 12:08 a.m., 1 view

CVE-2026-40503

OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...

CVSS 7.1 | AI score 5.9 | EPSS 0.00015
Exploits 1 | References 4
CNNVD
Added 2026/04/16 12:00 a.m., 3 views

OpenHarness Security Vulnerability

OpenHarness is a lightweight development and runtime framework from the Data Intelligence Lab@HKU. Previous versions of OpenHarness had security vulnerabilities, which stemmed from insufficient differentiation between local commands and remote secure commands processed by the gateway. This vulnerabili...

CVSS 8.8 | AI score 5.8 | EPSS 0.01042
Exploits 1 | References 1
Positive Technologies
Added 2026/04/16 12:00 a.m., 1 view

PT-2026-33196

OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...

CVSS 7.1 | AI score 5.9 | EPSS 0.00015
Exploits 1 | References 4
CVE
Added 2026/03/27 12:32 p.m., 1 view

CVE-2026-4982

CVE-2026-4982 affects Venueless where a user with the privilege “update world” can exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The vulnerability arises from the reporting component allowing cross-world access ...

CVSS 7.3 | AI score 5.9 | EPSS 0.00126
Exploits 0 | References 1
Veracode
Added 2025/11/26 6:27 a.m., 3 views

DNS Rebinding

sillytavern is vulnerable to DNS rebinding. The vulnerability is due to improper host validation in the web UI, which allows an attacker to exploit it by installing malicious extensions, reading chats, and injecting arbitrary HTML for phishing...

CVSS 9.6 | AI score 7 | EPSS 0.00009
Exploits 0 | References 5 | Affected Software 1
EUVD
Added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-14399

Malware in sbrugna...

CVSS 6.6 | AI score 5.5 | EPSS 0.00309
Exploits 1 | References 3
EUVD
Added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-23599

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.5 | EPSS 0.00323
Exploits 1 | References 2
EUVD
Added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-44889

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5 | EPSS 0.00116
Exploits 1 | References 3
OSV
Added 2025/09/15 4:49 p.m., 3 views

CVE-2025-58177 n8n stored cross-site scripting in LangChain Chat Trigger node initialMessages parameter

n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scripting (XSS) vulnerability in @n8n/n8n-nodes-langchain.chatTrigger. An authorized user can configure the LangChain Chat Trigger node with malicious JavaScript in the initialMessages...

CVSS 5.4 | AI score 5.3 | EPSS 0.00041
Exploits 0 | References 5
RedhatCVE
Added 2025/08/07 5:30 a.m., 5 views

CVE-2025-54868

LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without...

CVSS 7.5 | AI score 5.9 | EPSS 0.00323
Exploits 1 | References 1
OSV
Added 2025/08/05 4:53 a.m., 2 views

CVE-2025-54868 LibreChat exposes arbitrary chats through Meilisearch engine

LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without...

CVSS 7.5 | AI score 6.6 | EPSS 0.00323
Exploits 1 | References 4
CVE
Added 2025/07/22 12:00 a.m., 14 views

CVE-2025-51867

CVE-2025-51867 affects Deepfiction AI and is an Insecure Direct Object Reference (IDOR) vulnerability exploiting the /browse/stories endpoint to let an attacker chat with the LLM using other users’ credits. Root cause: improper access controls exposing sensitive information tied to user credits. ...

CVSS 6.5 | AI score 6.7 | EPSS 0.00222
Exploits 0 | References 1