22 matches found
EUVD-2025-7061
Malicious code in bioql PyPI...
EUVD-2025-7055
Malicious code in bioql PyPI...
GPT Academic File Read Vulnerability
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. A file read vulnerability exists in GPT Academic, which stems from a failure of the HotReload feature to properly validate user input, and can be exploited by an attacker to read...
CVE-2024-10986
GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, the application overlooks the Tarslip triggered by symlinks...
CVE-2024-11030
GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything API without proper sanitization. This allows attackers to exploit the vulnerability to abuse the victim GPT Academic...
CVE-2024-11031
In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything API. This vulnerability is exploited through the HotReloadMarkdown翻译中 plugin function, which allows downloading arbitrary web hosts by only checking...
CVE-2024-10986
GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, the application overlooks the Tarslip triggered by symlinks...
CVE-2024-11030
GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything API without proper sanitization. This allows attackers to exploit the vulnerability to abuse the victim GPT Academic...
CVE-2024-11030
GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything API without proper sanitization. This allows attackers to exploit the vulnerability to abuse the victim GPT Academic...
CVE-2024-10986
GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, the application overlooks the Tarslip triggered by symlinks...
CVE-2024-11031
In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything API. This vulnerability is exploited through the HotReloadMarkdown翻译中 plugin function, which allows downloading arbitrary web hosts by only checking...
CVE-2024-11030 SSRF in binary-husky/gpt_academic
GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything API without proper sanitization. This allows attackers to exploit the vulnerability to abuse the victim GPT Academic...
CVE-2024-11030
GPT Academic version 3.83 is affected by a Server-Side Request Forgery (SSRF) in the HotReload plugin. The vulnerability arises when HotReload calls crazy_utils.get_files_from_everything() without proper input sanitization, enabling an attacker to misuse the Gradio Web server’s credentials to acc...
CVE-2024-10986 Local File Read (LFI) by Tarslip Symlink via arxiv_download() API in binary-husky/gpt_academic
GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, the application overlooks the Tarslip triggered by symlinks...
CVE-2024-10986
GPT Academic version 3.83 exposes a Local File Read (LFI) through HotReload, which downloads and extracts tar.gz files from arxiv.org. Although path traversal protections exist, the Tarslip caused by symlinks is not mitigated, enabling an attacker to read arbitrary local files on the victim serve...
CVE-2024-10986 Local File Read (LFI) by Tarslip Symlink via arxiv_download() API in binary-husky/gpt_academic
GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, the application overlooks the Tarslip triggered by symlinks...
PT-2025-12087 · Unknown · Gpt Academic
Name of the Vulnerable Software and Affected Versions: GPT Academic version 3.83 Description: The issue concerns a Local File Read (LFI) vulnerability through the HotReload function, which can download and extract tar.gz files from arxiv.org. Despite protections against path traversal, the...
PT-2025-12089 · Hotreload +2 · Hotreload +2
Name of the Vulnerable Software and Affected Versions: binary-husky/gpt_academic version 3.83 Description: A Server-Side Request Forgery (SSRF) issue exists in the Markdown_Translate.get_files_from_everything API, allowing attackers to download arbitrary web hosts by exploiting the HotReload plugin...
PT-2025-12088 · Hotreload +2 · Hotreload +2
Name of the Vulnerable Software and Affected Versions: GPT Academic version 3.83 Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. It occurs through the HotReload plugin function, which calls the crazy_utils.get_files_from_everything API without proper...
GPT Academic Input Validation Error Vulnerability
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. A file read vulnerability exists in GPT Academic, which stems from a failure of the HotReload feature to properly validate user input, and can be exploited by an attacker to read...