Lucene search
K

70 matches found

EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43181

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat interface to write files to arbitrary filesystem...

9.9CVSS6.3AI score0.00538EPSS
Exploits0References2
CVE
CVE
added 3 days ago20 views

CVE-2026-61445

Summary (CVE-2026-61445) PraisonAI prior to 4.6.78 exposes arbitrary file write and command execution via the AICoder component. The root cause is missing path validation and lack of command sanitization in LLM tool calls, enabling an attacker to inject malicious prompts through the chat interfac...

9.9CVSS6.3AI score0.00538EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-54771

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Version...

8.1CVSS0.00392EPSS
Exploits0References1
CVE
CVE
added 5 days ago9 views

CVE-2026-54771

Langroid prior to 0.65.3 is affected. A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Root cause: the tool dispatch path in agent_response → handle_message → get...

8.1CVSS5.9AI score0.00392EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 5:22 p.m.4 views

DRUPAL-CONTRIB-2026-068

This module enables you to test and run AI-driven workflows interactively through a chat interface. The module doesn't sufficiently re-evaluate a human-in-the-loop approval gate where the workflow iterates more than once. This may result in execution of workflows that were not intended by the use...

5.4CVSS6AI score0.0018EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 5:21 p.m.7 views

DRUPAL-CONTRIB-2026-067

This module enables you to test and run AI-driven workflows interactively through a chat interface. The module doesn't sufficiently enforce permissions on certain endpoints. Attackers may be able to trigger workflow execution incurring LLM spend and tool side effects or send messages into other...

5.4CVSS5.9AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-55225

Name of the Vulnerable Software and Affected Versions FlowDrop versions 0.0.0 through 1.6.0 Description A missing authorization issue allows forceful browsing. The module, which enables testing and running AI-driven workflows via a chat interface, fails to sufficiently re-evaluate human-in-the-lo...

6.2AI score0.0018EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 1:19 p.m.11 views

CVE-2026-58116

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS0.00497EPSS
Exploits2References2
EUVD
EUVD
added 2026/06/30 12:54 p.m.7 views

EUVD-2026-40311

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS6.6AI score0.00497EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.12 views

CVE-2026-39423

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitrary JavaScript in the browsers of other users, including...

6.9CVSS5.8AI score0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.11 views

CVE-2026-39422

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...

6.9CVSS5.8AI score0.00216EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 8:2 p.m.26 views

CVE-2026-44721

CVE-2026-44721 documents a stored XSS in Open WebUI prior to version 0.9.0. The vulnerability arises from a flawed sanitizeResponseContent path that escapes HTML but does not neutralize a markdown link with a javascript: URI rendered via {@html}, enabling an authenticated user with workspace.mode...

7.3CVSS7.4AI score0.00308EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 7:0 p.m.10 views

open-webui Vulnerable to Stored XSS via Model Description

!IMPORTANT Relationship to CVE-2024-7990 CVE-2024-7990 issued by huntr.dev, March 2025 describes a stored XSS in the same field — the model description — but exploits a different bypass mechanism: a second-order injection through the sanitizeResponseContent function's video-tag placeholder...

8.4CVSS6AI score0.00897EPSS
Exploits2References3Affected Software1
Snyk
Snyk
added 2026/05/08 7:0 p.m.11 views

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS in the sanitizeResponseContent process. An attacker can execute arbitrary JavaScript in the browser of another user by crafting a malicious model description containing a markdown lin...

8.5CVSS7.2AI score0.00308EPSS
Exploits1References2
NVD
NVD
added 2026/04/27 6:16 a.m.15 views

CVE-2026-7090

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/sendmessage.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

4.8CVSS0.00253EPSS
Exploits0References5
NVD
NVD
added 2026/04/14 1:16 a.m.10 views

CVE-2026-39422

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...

6.9CVSS0.00216EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/14 12:22 a.m.4 views

CVE-2026-39422 MaxKB has Stored XSS via ChatHeadersMiddleware

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...

6.9CVSS6AI score0.00216EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:22 a.m.5 views

CVE-2026-39422

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...

6.9CVSS6AI score0.00216EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/04/14 12:22 a.m.12 views

EUVD-2026-22182

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...

6.9CVSS6AI score0.00216EPSS
Exploits1References3
CVE
CVE
added 2026/04/14 12:22 a.m.23 views

CVE-2026-39422

MaxKB vulnerability CVE-2026-39422 is a Stored XSS in versions 2.7.1 and earlier, triggered via the application name or icon fields when creating an application. When users visit the public chat interface (/ui/chat/{access_token}), ChatHeadersMiddleware retrieves application data and directly ins...

6.9CVSS6AI score0.00216EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder