Lucene search
K

97 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6872

Malicious code in bioql PyPI...

8.1CVSS8.2AI score0.00581EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-6898

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00378EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2024-47196

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.00652EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:22 a.m.7 views

CVE-2024-3402

A stored Cross-Site Scripting XSS vulnerability existed in version 20240121 of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,...

6.8CVSS6.3AI score0.00458EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 1:22 p.m.17 views

CVE-2025-0191

A Denial of Service DoS vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...

6.5CVSS7.2AI score0.00544EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:44 p.m.10 views

CVE-2024-8400

A stored cross-site scripting XSS vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...

5.4CVSS5.5AI score0.00378EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:17 a.m.7 views

CVE-2024-8613

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of...

8.8CVSS6.8AI score0.0055EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.8 views

PYSEC-2025-99

A Denial of Service DoS vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...

6.5CVSS6.6AI score0.00544EPSS
Exploits1References1
PyPA
PyPA
added 2025/03/20 10:15 a.m.12 views

PYSEC-2025-98

A Server-Side Request Forgery SSRF vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability allows an attacker to construct a response link by saving the response in a folder named after the SHA-1 hash of the target URL. This enables the attacker to access th...

6.5CVSS6.8AI score0.00454EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2025/03/20 10:15 a.m.13 views

PYSEC-2025-99

A Denial of Service DoS vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server...

6.5CVSS6.6AI score0.00544EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2025/03/20 10:15 a.m.25 views

PYSEC-2025-97

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than being read from a secu...

8.1CVSS7.3AI score0.00581EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/03/20 10:15 a.m.4 views

CVE-2024-9159

An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the server is not proper...

6.5CVSS5.8AI score0.006EPSS
Exploits1References1
PyPA
PyPA
added 2025/03/20 10:15 a.m.12 views

PYSEC-2025-95

A stored cross-site scripting XSS vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle HTML tags within code...

6.8CVSS6.8AI score0.00505EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/03/20 10:15 a.m.4 views

CVE-2024-9107

A stored cross-site scripting XSS vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle HTML tags within code...

5.4CVSS5.9AI score0.00505EPSS
Exploits1References1
PyPA
PyPA
added 2025/03/20 10:15 a.m.15 views

PYSEC-2025-96

An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the server is not proper...

6.5CVSS6.6AI score0.006EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2025/03/20 10:15 a.m.10 views

CVE-2024-8613

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of...

8.8CVSS0.0055EPSS
Exploits1References2
NVD
NVD
added 2025/03/20 10:15 a.m.17 views

CVE-2024-8400

A stored cross-site scripting XSS vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...

5.4CVSS0.00378EPSS
Exploits1References2
PyPA
PyPA
added 2025/03/20 10:15 a.m.11 views

PYSEC-2025-94

A Regular Expression Denial of Service ReDoS vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern r'+' to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attacker c...

6.5CVSS6.6AI score0.00671EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.8 views

CVE-2024-9216 Authentication Bypass in gaizhenbiao/ChuanhuChatGPT

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than being read from a secu...

8.1CVSS8.1AI score0.00581EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.10 views

CVE-2024-8613 Improper Access Control in gaizhenbiao/chuanhuchatgpt

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of...

8.1CVSS0.0055EPSS
Exploits1References2
Rows per page
Query Builder