19 matches found
CVE-2026-40966
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input a...
Improper Neutralization of Special Elements in Data Query Logic
Overview org.springframework.ai:spring-ai-advisors-vector-store is a Chat client advisors for Spring AI Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the conversationId handling in VectorStoreChatMemoryAdvisor. An attacker...
Malicious AI Assistant Extensions Harvest LLM Chat Histories
Microsoft Defender has been investigating reports of malicious Chromium‑based browser extensions that impersonate legitimate AI assistant tools to harvest LLM chat histories and browsing data. Reporting indicates these extensions have reached approximately 900,000 installs. Microsoft Defender...
Malicious AI Assistant Extensions Harvest LLM Chat Histories
Microsoft Defender has been investigating reports of malicious Chromium‑based browser extensions that impersonate legitimate AI assistant tools to harvest LLM chat histories and browsing data. Reporting indicates these extensions have reached approximately 900,000 installs. Microsoft Defender...
EUVD-2025-6910
Malicious code in bioql PyPI...
CVE-2024-8613
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of...
PYSEC-2025-97
An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than being read from a secu...
CVE-2024-8613
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of...
CVE-2024-6090
A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...
Hey, Maybe It's Time to Delete Some Old Chat Histories
Your messages going back years are likely still lurking online, potentially exposing sensitive information you forgot existed. But there's no time like the present to do some digital decluttering...
CVE-2024-8143
In the latest version 20240628 of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...
PYSEC-2024-113
In the latest version 20240628 of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...
PYSEC-2024-113
In the latest version 20240628 of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...
CVE-2024-8143 Unauthorized Access to User Chat History in gaizhenbiao/chuanhuchatgpt
In the latest version 20240628 of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...
CVE-2024-6090
A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...
CVE-2024-6090 Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt
A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...
CVE-2024-6090 Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt
A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...
CVE-2024-6090
CVE-2024-6090 is a path traversal vulnerability in gaizhenbiao/chuanhuchatgpt (version 20240410). The underlying issue allows an attacker to delete other users’ chat histories and, per reports, any files ending in .json on the target system, which can cause a denial of service by breaking authent...
CVE-2024-4520
An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation ...