63 matches found
PT-2026-32127
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static headers middleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site...
CVE-2026-5320
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is n...
CVE-2025-63260
SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...
CVE-2025-63260
SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...
Blending Chat with Rich UIs with Spring AI and MCP Apps
The way humans typically interact with AI is via a chat-style interface such as ChatGPT or Claude Desktop. In fact, the ability to converse with an AI in natural language is perhaps one of the most amazing things about this technology. It lets humans talk to computers in human terms, rather than...
OpenAkita 操作系统命令注入漏洞
OpenAkita is a multi-platform, multi-intelligence collaborative AI assistant. An operating system command injection vulnerability exists in OpenAkita 1.24.3 and earlier versions. The vulnerability stems from the component Chat API Endpoint in the file src/openakita/tools/shell.py function run...
CVE-2026-27169
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when...
OpenSift 安全漏洞
OpenSift is an open-source artificial intelligence learning assistant developed by OpenSift. Versions of OpenSift 1.1.2-alpha and earlier contain security vulnerabilities. These vulnerabilities stem from the use of insecure HTML interpolation patterns in the chat tool’s UI interface, which render...
CVE-2026-27169 OpenSift: Persistent XSS Chat Tool Rendering
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when...
CVE-2026-25640
A flaw was found in Pydantic AI. A remote attacker can exploit a path traversal vulnerability in the Pydantic AI web UI by crafting a malicious URL. This vulnerability arises from insufficient validation of the version query parameter, allowing the server to fetch and serve attacker-controlled HT...
CVE-2026-25640
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...
CVE-2026-25640
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...
CVE-2025-65836
PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController...
EUVD-2025-200089
PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController...
CVE-2025-65836
PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController...
CVE-2025-65836
PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController...
CVE-2025-65836
PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController...
CVE-2025-65836
PublicCMS V5.202506.b is vulnerable to Server-Side Request Forgery (SSRF) via the SimpleAiAdminController chat interface. Root cause details are not provided beyond the SSRF label in the chat interface. Impact is described in sources as SSRF with high severity, but no explicit exploit path or aff...
CVE-2025-65836
PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController...
PT-2025-48542
Name of the Vulnerable Software and Affected Versions PublicCMS version 5.202506.b Description PublicCMS version 5.202506.b is susceptible to a Server-Side Request Forgery SSRF condition. This issue is located within the chat interface of the SimpleAiAdminController. SSRF occurs when an applicati...