Lucene search
K

63 matches found

Positive Technologies
Positive Technologies
added 2026/04/11 12:0 a.m.8 views

PT-2026-32127

A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static headers middleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site...

5.1CVSS4.3AI score0.00266EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/04/02 3:45 a.m.2 views

CVE-2026-5320

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is n...

7.5CVSS6.8AI score0.00414EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/03/20 8:16 p.m.5 views

CVE-2025-63260

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...

5.4CVSS0.00156EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 12:0 a.m.4 views

CVE-2025-63260

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...

5.8AI score0.00156EPSS
Exploits1References3
Spring Security Advisories
Spring Security Advisories
added 2026/03/18 12:0 a.m.7 views

Blending Chat with Rich UIs with Spring AI and MCP Apps

The way humans typically interact with AI is via a chat-style interface such as ChatGPT or Claude Desktop. In fact, the ability to converse with an AI in natural language is perhaps one of the most amazing things about this technology. It lets humans talk to computers in human terms, rather than...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

OpenAkita 操作系统命令注入漏洞

OpenAkita is a multi-platform, multi-intelligence collaborative AI assistant. An operating system command injection vulnerability exists in OpenAkita 1.24.3 and earlier versions. The vulnerability stems from the component Chat API Endpoint in the file src/openakita/tools/shell.py function run...

5.3CVSS6.1AI score0.00779EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.6 views

CVE-2026-27169

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when...

8.9CVSS5.8AI score0.00347EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.10 views

OpenSift 安全漏洞

OpenSift is an open-source artificial intelligence learning assistant developed by OpenSift. Versions of OpenSift 1.1.2-alpha and earlier contain security vulnerabilities. These vulnerabilities stem from the use of insecure HTML interpolation patterns in the chat tool’s UI interface, which render...

8.9CVSS5.6AI score0.00347EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/20 11:51 p.m.30 views

CVE-2026-27169 OpenSift: Persistent XSS Chat Tool Rendering

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when...

8.9CVSS0.00347EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/08 1:21 a.m.7 views

CVE-2026-25640

A flaw was found in Pydantic AI. A remote attacker can exploit a path traversal vulnerability in the Pydantic AI web UI by crafting a malicious URL. This vulnerability arises from insufficient validation of the version query parameter, allowing the server to fetch and serve attacker-controlled HT...

7.1CVSS5.8AI score0.00324EPSS
Exploits0References5
NVD
NVD
added 2026/02/06 8:16 p.m.21 views

CVE-2026-25640

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...

7.1CVSS0.00324EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/06 8:1 p.m.5 views

CVE-2026-25640

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...

7.1CVSS5.8AI score0.00324EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/02 12:19 a.m.11 views

CVE-2025-65836

PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController...

9.1CVSS6.9AI score0.00288EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/01 9:30 p.m.9 views

EUVD-2025-200089

PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController...

6.4AI score0.00288EPSS
Exploits1References4
NVD
NVD
added 2025/12/01 8:15 p.m.5 views

CVE-2025-65836

PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController...

9.1CVSS0.00288EPSS
Exploits1References3
OSV
OSV
added 2025/12/01 8:15 p.m.5 views

CVE-2025-65836

PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController...

9.1CVSS6.8AI score
Exploits0References3
Cvelist
Cvelist
added 2025/12/01 12:0 a.m.8 views

CVE-2025-65836

PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController...

0.00288EPSS
Exploits1References3
CVE
CVE
added 2025/12/01 12:0 a.m.21 views

CVE-2025-65836

PublicCMS V5.202506.b is vulnerable to Server-Side Request Forgery (SSRF) via the SimpleAiAdminController chat interface. Root cause details are not provided beyond the SSRF label in the chat interface. Impact is described in sources as SSRF with high severity, but no explicit exploit path or aff...

9.1CVSS6.5AI score0.00288EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/01 12:0 a.m.3 views

CVE-2025-65836

PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController...

6.5AI score0.00288EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.7 views

PT-2025-48542

Name of the Vulnerable Software and Affected Versions PublicCMS version 5.202506.b Description PublicCMS version 5.202506.b is susceptible to a Server-Side Request Forgery SSRF condition. This issue is located within the chat interface of the SimpleAiAdminController. SSRF occurs when an applicati...

6.7AI score0.00288EPSS
Exploits1References6
Rows per page
Query Builder