273 matches found
prompts.chat Code Issue Vulnerability
prompts.chat is an open-source AI prompt library developed by Fatih Kadir Akın. Versions of prompts.chat prior to 30a8f04 contained code vulnerabilities; these vulnerabilities stemmed from a lack of URL validation during Fal.ai’s media status polling, which could lead to server-side request...
Belden Hirschmann Industrial HiVision Code Issue Vulnerability
Belden Hirschmann Industrial HiVision is an industrial network management software platform developed by the American company Belden. Versions of Belden Hirschmann Industrial HiVision prior to 08.1.04 and 08.2.00 contained code vulnerabilities. These vulnerabilities stemmed from insufficient path...
prompts.chat Code Issue Vulnerability
prompts.chat is an open-source AI prompt library developed by Fatih Kadir Akın. Versions prior to 1464475 contained code vulnerabilities; these vulnerabilities stemmed from server-side request forgery in the Wiro media generator, which could allow authenticated users to probe interna...
Frostmourne Code Issue Vulnerability
Frostmourne is a multi-data-source monitoring and alert system developed by AutohomeCorp. Versions of Frostmourne 1.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect operations on the file...
Dataverse Code Issue Vulnerability
Dataverse is an open-source research data management and sharing platform developed by the Institute for Quantitative Social Science. Versions of Dataverse 6.8 and earlier contained code vulnerabilities. These vulnerabilities stemmed from operations involving the parameter uploadLogo in the...
iccDEV Code Issue Vulnerability
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained code-related vulnerabilities; these vulnerabilities were caused by potential null pointer dereferencing when processing specially crafted ICC...
WWBN AVideo Code Issue Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the lack of SSRF protection in the EPG link function, which could lead to stored server-side request forgery...
InvoiceShelf Code Issue Vulnerability
InvoiceShelf is an open-source invoice and expense management application developed by InvoiceShelf. Versions of InvoiceShelf prior to 2.2.0 had code vulnerabilities. These vulnerabilities stemmed from unsanitized user-supplied HTML in the payment receipt PDF generation module, which could lead...
SourceCodester RSS Feed Parser Code Issue Vulnerability
The SourceCodester RSS Feed Parser is an open-source RSS feed parser developed by SourceCodester. Version 1.0 of the SourceCodester RSS Feed Parser has code vulnerabilities; these vulnerabilities stem from incorrect operations with the file_get_contents function, which may lead to server-side reque...
LoLLMs Code Issue Vulnerability
LoLLMs is a large language and multimodal system developed by Saifeddine ALOUI as an individual project. Versions of LoLLMs prior to 2.2.0 contained code vulnerabilities. These vulnerabilities stemmed from the API/export-content endpoint, which did not validate user-controlled URLs,...
LocalGPT Code Issue Vulnerability
LocalGPT is a localized private document-based intelligent question-and-answer and analysis platform developed by PromptEngineer. LocalGPT contains code vulnerabilities; these vulnerabilities stem from incorrect operations on the doPOST function, resulting in unrestricted uploads...
pyLoad Code Issue Vulnerability
pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev97 contained code vulnerabilities. These vulnerabilities stemmed from the download engine accepting unverified arbitrary URLs, which could lead to server-side request forgery attacks...
WWBN AVideo Code Issue Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the urlgetcontents function not revalidating the target when following HTTP redirection, which could...
Lychee Code Issue Vulnerability
Lychee is a beautiful and easy-to-use photo management system developed by The Lychee Organisation. It is used for managing and sharing photos. Versions of Lychee prior to 7.5.2 had code vulnerabilities that could be exploited through DNS redirection bypasses, allowing for server-side request...
Roadiz development monorepo Code Issue Vulnerability
The Roadiz Development Monorepo is an open-source content management system development kit developed by Roadiz. Versions of the Roadiz Development Monorepo prior to 2.7.9, 2.6.28, 2.5.44, and 2.3.42 contained code vulnerabilities. These vulnerabilities allowed authenticated attackers to read...
SANYO DENKI SANUPS SOFTWARE Code Issue Vulnerability
SANYO DENKI SANUPS SOFTWARE is software developed by SANYO DENKI Corporation in Japan. It is used for monitoring UPS devices, managing their operation, and analyzing power supply status. SANYO DENKI SANUPS SOFTWARE has code vulnerabilities; these vulnerabilities stem from the Windows service fi...
NVIDIA NeMo Framework Code Issue Vulnerability
NVIDIA NeMo Framework is a framework developed by NVIDIA Corporation in the United States for building and deploying generative AI models. There are code-related vulnerabilities in the NVIDIA NeMo Framework, and attackers can exploit these vulnerabilities to trigger remote code execution...
WWBN AVideo Code Issue Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the downloadVideoFromDownloadURL function using the original file name and extension of the remote...
kargo Code Issue Vulnerability
Kargo is an open-source continuous delivery tool developed by Akuity. Versions of Kargo prior to 1.6.3, 1.7.8 and earlier, 1.8.11 and earlier, as well as 1.9.4 and earlier, have code vulnerabilities. These vulnerabilities stem from server-side request forgery during the HTTP and http-download...
easegen-admin Code Issue Vulnerability
easegen-admin is a digital human course creation platform developed by Taofagi. easegen-admin contains code vulnerabilities, which stem from incorrect handling of the parameter 'url' in the PPTUtil.java file. This could lead to server-side request forgery...