CVE-2024-9216
CVE-2024-9216 affects the gaizhenbiao/ChuanhuChatGPT project. The issue is an authentication bypass caused by the username being supplied by a client-side HTTP request rather than being read from a secure source (e.g., a cookie). This allows an attacker to supply another user’s username to the ge...
CVE-2024-9216 Authentication Bypass in gaizhenbiao/ChuanhuChatGPT
An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than being read from a secu...
CVE-2024-10727 Cross-Site Scripting (XSS) in phpipam/phpipam
A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes that data within the immediate response in an unsafe manner. This allows an attacker to execute...
CVE-2024-12759
...
CVE-2024-9056 Denial of Service in bentoml/bentoml
BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character, leading to excessive...
CVE-2024-9056
CVE-2024-9056 affects BentoML v1.3.4post1 and is a Denial of Service (DoS) caused by improper handling of multipart boundaries. An attacker can append characters to the end of a multipart boundary in HTTP requests, causing the server to repeatedly process input and exhaust resources, leading to s...
CVE-2024-10264
CVE-2024-10264 affects the NetEase Youdao/QAnything project, specifically version 1.4.1. The vulnerability is an HTTP Request Smuggling flaw caused by inconsistencies in how requests are interpreted between a proxy and a server. Consequences cited in the sources include unauthorized access, bypas...
CVE-2024-10264 HTTP Request Smuggling in netease-youdao/qanything
HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and...
CVE-2024-6827 HTTP Request Smuggling in benoitc/gunicorn
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
CVE-2024-10047
CVE-2024-10047 affects parisneo/lollms-webui, versions from v9.9 to the latest. The issue is a directory listing vulnerability exposed via the /open_file endpoint, allowing an attacker to enumerate arbitrary directories on a Windows system. The vulnerability details across connected sources confi...
CVE-2024-10047 Directory Listing Vulnerability in parisneo/lollms-webui
parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /open_file endpoint...
CVE-2024-9597
ParisNeo/lollms v12 contains a Path Traversal in the /wipe_database endpoint. The vulnerability arises from improper validation of the key parameter used to construct file paths, enabling an attacker to delete arbitrary directories via a crafted HTTP request. Public sources (Snyk and Red Hat advi...
CVE-2024-9597 Path Traversal in parisneo/lollms
A Path Traversal vulnerability exists in the /wipe_database endpoint of parisneo/lollms version v12, allowing an attacker to delete any directory on the system. The vulnerability arises from improper validation of the key parameter, which is used to construct file paths. An attacker can exploit th...
CVE-2024-8984
The CVE-2024-8984 entry describes a Denial of Service vulnerability in berriai/litellm v1.44.5 caused by improper handling of multipart HTTP boundaries. An attacker can append characters to the boundary, triggering unbounded resource consumption and service unavailability. The issue is unauthenti...
CVE-2024-8984 Denial of Service (DoS) in berriai/litellm
A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource...
PT-2025-12031 · Unknown · Netease-Youdao/Qanything
Name of the Vulnerable Software and Affected Versions: netease-youdao/qanything version 1.4.1. Description: An HTTP Request Smuggling vulnerability exists due to inconsistencies in how HTTP requests are interpreted between a proxy and a server. This can lead to unauthorized access, bypassing securi...