Lucene search
+L

685 matches found

nuclei
nuclei
added 10 hours ago50 views

GPT Academic v1.3.9 - Open Redirect

An open redirect vulnerability exists in GPT Academic v1.3.9, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-10812 info: name:...

6.1CVSS6.4AI score0.00574EPSS
Exploits1References1
nuclei
nuclei
added 10 hours ago72 views

PrivateGPT < 0.5.0 - Open Redirect

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. id: CVE-2024-5936 info: name:...

6.1CVSS6.1AI score0.28925EPSS
Exploits1References3
euvd
euvd
added 19 hours ago4 views

EUVD-2025-210474

An issue in Open Source GPT Researcher v3.3.7 allows attackers to execute arbitrary commands on a victim system via user interaction with a crafted HTML page...

9.8CVSS6.4AI score
Exploits0References4
nvd
nvd
added yesterday5 views

CVE-2025-65720

An issue in Open Source GPT Researcher v3.3.7 allows attackers to execute arbitrary commands on a victim system via user interaction with a crafted HTML page...

9.8CVSS
Exploits0References3
cvelist
cvelist
added yesterday28 views

CVE-2025-65720

An issue in Open Source GPT Researcher v3.3.7 allows attackers to execute arbitrary commands on a victim system via user interaction with a crafted HTML page...

Exploits0References3
cve
cve
added 2026/07/01 1:45 p.m.36 views

CVE-2026-6684

CVE-2026-6684 affects FatFs prior to R0.16 when GPT scanning is used with FF_LBA64 = 1. The issue stems from an unbounded loop count derived from the GPT header field GPTH_PtNum, leading to extremely long or effectively infinite mount-time scans (CWE-835: Loop with Unreachable Exit Condition). Af...

4.6CVSS5.8AI score0.00205EPSS
Exploits2References4Affected Software1
osv
osv
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-325 DB-GPT is vulnerable to SQL Injection attacks from unauthenticated users

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the...

9.1CVSS7.7AI score0.01083EPSS
Exploits2References7
osv
osv
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-323 DB-GPT Absolute Path Traversal vulnerability

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS7.5AI score0.00769EPSS
Exploits1References5
osv
osv
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-321 DB-GPT vulnerable to Arbitrary File Upload with Path Traversal

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /v1/personal/agent/upload is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability...

9.1CVSS8AI score0.01192EPSS
Exploits1References5
osv
osv
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-322 DB-GPT Arbitrary File Write vulnerability

In eosphoros-ai/db-gpt version v0.6.3 and earlier, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim...

9.1CVSS7.7AI score0.00994EPSS
Exploits1References7
thn
thn
added 2026/06/27 12:19 p.m.17 views

OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards

OpenAI on Friday released three versions of GPT-5.6 , called Sol, Terra, and Luna , as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government. While Sol is the latest flagship model and the most powerful, Terra strikes a balance between efficien...

5.9AI score
Exploits0
cve
cve
added 2026/06/18 4:20 p.m.23 views

CVE-2025-32437

CVE-2025-32437 affects AutoGPT prior to 0.6.63, specifically the MediaDurationBlock. The issue arises because MediaDurationBlock downloads and stores videos in a temporary directory without proper deletion, and StepThroughItemsBlock can iterate MediaDurationBlock multiple times, with no limit on ...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References1
osv
osv
added 2026/06/18 4:12 p.m.3 views

CVE-2025-32422 AutoGPT has a DoS vulnerability in FileStoreBlock with StepThroughItemsBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, StepThroughItemsBlock can iterate all the contents in a list and send them to FileStoreBlock for downloading one by one. Although FileStoreBlock has access...

8.7CVSS5.9AI score0.00276EPSS
Exploits0References3
ossf
ossf
added 2026/06/11 6:33 a.m.13 views

Malicious code in gpt-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b9bdc5e04979d5b4f73407bcedaecc9df24dbb03e0bfbc0edefe333023dc50c On npm install, postinstall.js runs unconditionally and collects a wide range of installer-side reconnaissance data: hostname and FQDN, contents of...

5.5AI score
Exploits0References9
vulnrichment
vulnrichment
added 2026/06/10 3:37 p.m.10 views

CVE-2026-45567 Roxy-WI: Authentication bypass via 'api' substring in URL + unauthenticated /api/gpt

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publication, there are no publicly available patches...

8.3CVSS5.5AI score0.00244EPSS
Exploits0References1
cve
cve
added 2026/06/10 3:37 p.m.23 views

CVE-2026-45567

Roxy-WI is a web interface for managing HAProxy, Nginx, Apache and Keepalived. In versions 8.2.6.4 and prior, there is an authentication bypass via the URL containing the substring 'api' and an unauthenticated /api/gpt path. The CVSS v3.1 base score is 8.3 (HIGH) with NETWORK attack vector and no...

8.3CVSS5.5AI score0.00244EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/10 3:37 p.m.33 views

CVE-2026-45567 Roxy-WI: Authentication bypass via 'api' substring in URL + unauthenticated /api/gpt

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publication, there are no publicly available patches...

8.3CVSS0.00244EPSS
Exploits0References1
xen
xen
added 2026/06/09 12:0 p.m.17 views

Arm: Completion of memory accesses not guaranteed by completion of a TLBI

ISSUE DESCRIPTION A hardware issue has been identified in certain Arm CPU designs. A broadcast TLBI on one PE may complete before affected memory accesses on another PE are globally observed. This may permit bypass of Stage 1 translation, Stage 2 translation, or GPT protection. The erratum occurs...

9.1CVSS5.4AI score0.0053EPSS
Exploits0
redhatcve
redhatcve
added 2026/06/05 7:17 p.m.9 views

CVE-2026-33233

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...

7.6CVSS5.7AI score0.0023EPSS
Exploits0References1
packetstormnews
packetstormnews
added 2026/06/05 12:0 a.m.11 views

Empirical Evaluation of Large Language Models for Migration of Code Fragments to Post-Quantum Cryptography

The transition to post-quantum cryptography PQC requires not only replacing vulnerable cryptographic primitives, but also refactoring the surrounding software logic. While existing PQC migration frameworks provide organizational guidance, practical code-level remediation remains largely manual an...

5.6AI score
Exploits0
Rows per page
Query Builder