Lucene search
K

63 matches found

RedhatCVE
RedhatCVE
added 2025/11/27 4:59 p.m.6 views

CVE-2025-33203

NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service...

7.6CVSS6.3AI score0.00252EPSS
Exploits0References1
OSV
OSV
added 2025/10/07 10:8 p.m.2 views

GHSA-527M-2XHR-J27G LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities

Summary A Server-Side Request Forgery SSRF vulnerability in the chat API allows any authenticated user to force the server to make arbitrary HTTP requests to internal and external networks. This can lead to the exposure of sensitive internal services, reconnaissance of the internal network, or...

7.6CVSS6.1AI score0.0035EPSS
Exploits1References4
NVD
NVD
added 2025/10/07 7:15 p.m.6 views

CVE-2025-61784

LLaMA-Factory is a tuning library for large language models. Prior to version 0.9.4, a Server-Side Request Forgery SSRF vulnerability in the chat API allows any authenticated user to force the server to make arbitrary HTTP requests to internal and external networks. This can lead to the exposure ...

8.1CVSS0.0035EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-12603

Malware in sbrugna...

5.3CVSS5.6AI score0.00831EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/07 12:0 a.m.6 views

PT-2025-41167

Name of the Vulnerable Software and Affected Versions LLaMA-Factory versions prior to 0.9.4 Description LLaMA-Factory, a tuning library for large language models, contains a Server-Side Request Forgery SSRF issue in the chat API. Authenticated users can make the server send arbitrary HTTP request...

8.1CVSS5.9AI score0.0035EPSS
Exploits1References17
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-22016

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00488EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2025-16892

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00302EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/22 2:50 p.m.9 views

CVE-2025-7894

A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generatesimplesql of the file backend/onyx/agents/agentsearch/kbsearch/nodes/a3generatesimplesql.py of the component Chat Interface. The manipulation leads to sql injection. The...

9.8CVSS7.5AI score0.00488EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/07/22 12:0 a.m.5 views

ChatGPT Unli 跨站脚本漏洞

ChatGPT Unli is an AI assistant platform from ChatGPT Unli, Inc. A security vulnerability exists in ChatGPT Unli versions 2025-05-26 and earlier, which stems from the fact that sending a specially crafted SVG file through the chat interface could lead to the execution of arbitrary code...

6.1CVSS6.7AI score0.00281EPSS
Exploits1References3
NVD
NVD
added 2025/07/20 2:15 p.m.7 views

CVE-2025-7894

A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generatesimplesql of the file backend/onyx/agents/agentsearch/kbsearch/nodes/a3generatesimplesql.py of the component Chat Interface. The manipulation leads to sql injection. The...

9.8CVSS0.00488EPSS
Exploits1References4
OSV
OSV
added 2025/07/20 2:15 p.m.5 views

CVE-2025-7894

A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generatesimplesql of the file backend/onyx/agents/agentsearch/kbsearch/nodes/a3generatesimplesql.py of the component Chat Interface. The manipulation leads to sql injection. The...

9.8CVSS5.5AI score0.00488EPSS
Exploits1References4
CVE
CVE
added 2025/07/20 2:2 p.m.25 views

CVE-2025-7894

Onyx is affected up to version 0.29.1, with the SQL injection vulnerability arising via the generate_simple_sql function in backend/onyx/agents/agent_search/kb_search/nodes/a3_generate_simple_sql.py (Chat Interface). The issue allows remote exploitation and has been publicly disclosed. Connected ...

9.8CVSS7.4AI score0.00488EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/20 2:2 p.m.3 views

CVE-2025-7894 Onyx Chat Interface a3_generate_simple_sql.py generate_simple_sql sql injection

A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generatesimplesql of the file backend/onyx/agents/agentsearch/kbsearch/nodes/a3generatesimplesql.py of the component Chat Interface. The manipulation leads to sql injection. The...

6.5CVSS7.4AI score0.00488EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/07/20 2:2 p.m.10 views

CVE-2025-7894 Onyx Chat Interface a3_generate_simple_sql.py generate_simple_sql sql injection

A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generatesimplesql of the file backend/onyx/agents/agentsearch/kbsearch/nodes/a3generatesimplesql.py of the component Chat Interface. The manipulation leads to sql injection. The...

6.5CVSS0.00488EPSS
Exploits1References4
NVD
NVD
added 2025/06/04 5:15 p.m.29 views

CVE-2025-20129

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform CCP, formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent...

5.4CVSS0.00302EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/04 4:17 p.m.19 views

CVE-2025-20129 Cisco Customer Collaboration Platform Information Disclosure Vulnerability

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform CCP, formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent...

4.3CVSS4.5AI score0.00302EPSS
Exploits0References1
Cisco
Cisco
added 2025/06/04 4:0 p.m.11 views

Cisco Customer Collaboration Platform Information Disclosure Vulnerability

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform CCP, formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent...

4.3CVSS6.4AI score0.00302EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/04 12:0 a.m.9 views

PT-2025-23817 · Cisco · Cisco Customer Collaboration Platform

Name of the Vulnerable Software and Affected Versions: Cisco Customer Collaboration Platform CCP versions not specified Description: A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform CCP could allow an unauthenticated, remote attacker to persuade users to...

5.4CVSS6AI score0.00302EPSS
Exploits0References8
Hacker One
Hacker One
added 2025/04/06 5:28 p.m.878 views

LinkedIn: HTML Injection in LinkedIn Premium Support Chat

The vulnerability exists in the LinkedIn Premium support chat interface where unsanitized HTML input was rendered directly in the chat window. An attacker could have exploited this by injecting malicious HTML such as clickable links, potentially leading to phishing or redirection attacks on...

6.9AI score
Exploits0
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.6 views

AnythingLLM 安全漏洞

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. A security vulnerability exists in version 6dc3642 of AnythingLLM, which stems from an unauthenticated denial of service in the API embedded in the chat functionality, which allows an attacker to cause the server to crash by...

7.5CVSS7.5AI score0.0064EPSS
Exploits1References2
Rows per page
Query Builder