Lucene search
K

19 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/28 6:42 a.m.3 views

CVE-2026-40966

In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input a...

5.9CVSS5.2AI score0.00233EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/27 12:0 a.m.5 views

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-advisors-vector-store is a Chat client advisors for Spring AI Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the conversationId handling in VectorStoreChatMemoryAdvisor. An attacker...

8.2CVSS5.8AI score0.00233EPSS
Exploits0References2
Microsoft Secure
Microsoft Secure
added 2026/03/05 4:2 p.m.15 views

Malicious AI Assistant Extensions Harvest LLM Chat Histories

Microsoft Defender has been investigating reports of malicious Chromium‑based browser extensions that impersonate legitimate AI assistant tools to harvest LLM chat histories and browsing data. Reporting indicates these extensions have reached approximately 900,000 installs. Microsoft Defender...

6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/05 4:2 p.m.24 views

Malicious AI Assistant Extensions Harvest LLM Chat Histories

Microsoft Defender has been investigating reports of malicious Chromium‑based browser extensions that impersonate legitimate AI assistant tools to harvest LLM chat histories and browsing data. Reporting indicates these extensions have reached approximately 900,000 installs. Microsoft Defender...

5.9AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6910

Malicious code in bioql PyPI...

8.8CVSS8.1AI score0.0055EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/03/22 11:17 a.m.7 views

CVE-2024-8613

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of...

8.8CVSS6.8AI score0.0055EPSS
Exploits1References1
PyPA
PyPA
added 2025/03/20 10:15 a.m.25 views

PYSEC-2025-97

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than being read from a secu...

8.1CVSS7.3AI score0.00581EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/03/20 10:15 a.m.7 views

CVE-2024-8613

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of...

8.8CVSS7AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 3:11 a.m.14 views

CVE-2024-6090

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...

7.5CVSS7.4AI score0.00852EPSS
Exploits1References1
Wired Threat Level
Wired Threat Level
added 2025/01/01 11:0 a.m.11 views

Hey, Maybe It's Time to Delete Some Old Chat Histories

Your messages going back years are likely still lurking online, potentially exposing sensitive information you forgot existed. But there's no time like the present to do some digital decluttering...

6.8AI score
Exploits0
NVD
NVD
added 2024/10/29 1:15 p.m.21 views

CVE-2024-8143

In the latest version 20240628 of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...

6.5CVSS0.00479EPSS
Exploits1References2
PyPA
PyPA
added 2024/10/29 1:15 p.m.8 views

PYSEC-2024-113

In the latest version 20240628 of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...

6.5CVSS6.5AI score0.00479EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/10/29 1:15 p.m.35 views

PYSEC-2024-113

In the latest version 20240628 of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...

4.3CVSS6.4AI score0.00479EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/10/29 12:49 p.m.13 views

CVE-2024-8143 Unauthorized Access to User Chat History in gaizhenbiao/chuanhuchatgpt

In the latest version 20240628 of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...

6.5CVSS6.7AI score0.00479EPSS
Exploits1References2
NVD
NVD
added 2024/06/27 7:15 p.m.24 views

CVE-2024-6090

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...

7.5CVSS0.00852EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/06/27 6:40 p.m.15 views

CVE-2024-6090 Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...

7.5CVSS6.8AI score0.00852EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/06/27 6:40 p.m.25 views

CVE-2024-6090 Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...

7.5CVSS0.00852EPSS
Exploits1References2
CVE
CVE
added 2024/06/27 6:40 p.m.51 views

CVE-2024-6090

CVE-2024-6090 is a path traversal vulnerability in gaizhenbiao/chuanhuchatgpt (version 20240410). The underlying issue allows an attacker to delete other users’ chat histories and, per reports, any files ending in .json on the target system, which can cause a denial of service by breaking authent...

7.5CVSS7.4AI score0.00852EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/06/04 8:15 p.m.13 views

CVE-2024-4520

An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation ...

7.5CVSS6.5AI score
Exploits0References2
Rows per page
Query Builder