
7 matches found

RedhatCVE
added 2025/09/24 12:28 a.m. | 5 views

CVE-2025-57203

MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a...

CVSS 4.8 | AI score 6.2 | EPSS 0.00044
Exploits: 1 | References: 1
CNNVD
added 2025/09/22 12:0 a.m. | 1 views

LiquidThemes MagicAI Security Vulnerability

LiquidThemes MagicAI is an AI software from LiquidThemes, UK. A security vulnerability exists in LiquidThemes MagicAI version 9.1, which stems from insufficient cleanup of the prompt parameter input in the dashboard/user/generator/generate-stream endpoint, which could lead to a cross-site scripti...

CVSS 4.8 | AI score 5.9 | EPSS 0.00044
Exploits: 1 | References: 2
Positive Technologies
added 2025/09/22 12:0 a.m. | 3 views

PT-2025-39066

Name of the Vulnerable Software and Affected Versions: MagicProject AI version 9.1. Description: MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) issue within the chatbot generation feature accessible to authenticated admin users. The issue is located in the prompt parameter...

CVSS 4.8 | AI score 6.2 | EPSS 0.00044
Exploits: 1 | References: 7
CVE
added 2025/09/22 12:0 a.m. | 11 views

CVE-2025-57203

MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability in the chatbot generation feature. The flaw resides in the prompt parameter sent to /dashboard/user/generator/generate-stream via a multipart/form-data POST, where insufficient input sanitization allows HTML/Jav...

CVSS 4.8 | AI score 5.8 | EPSS 0.00044
Exploits: 1 | References: 1 | Affected Software: 1
Snyk
added 2024/12/30 12:43 p.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: fastchat is a fastchat with guidance support. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the workergeneratestream API endpoint. An attacker can exploit the victim controller API server's credentials to perform unauthorized web actions or...

CVSS 9.3 | AI score 6.9 | EPSS 0.00221
Exploits: 1 | References: 2
OSV
added 2024/12/30 12:15 p.m. | 1 views

CVE-2024-10044

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's...

CVSS 9.3 | AI score 5.8
Exploits: 0 | References: 1
CNNVD
added 2024/12/30 12:0 a.m. | 2 views

FastChat Code Issue Vulnerability

FastChat is LMSYS Org's open platform for training, deploying, and evaluating chatbots based on large language models. A code issue vulnerability exists in FastChat that stems from a server-side request forgery vulnerability in the POST /workergeneratestream API endpoint that allows an...

CVSS 9.3 | AI score 9.2 | EPSS 0.00221
Exploits: 1 | References: 1