Lucene search
K

29 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-47064

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00179EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:48 p.m.8 views

CVE-2024-8029

An XSS vulnerability was discovered in the upload files process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks...

6.1CVSS6.2AI score0.00329EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.7 views

CVE-2024-8029

An XSS vulnerability was discovered in the upload files process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks...

6.1CVSS0.00329EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-8018

A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service DOS attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering privateGPT inaccessible...

7.5CVSS0.00588EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.11 views

CVE-2024-12063 Denial of Service in imartinez/privategpt

A Denial of Service DoS vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

7.5CVSS0.00727EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.6 views

CVE-2024-12063 Denial of Service in imartinez/privategpt

A Denial of Service DoS vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

7.5CVSS7.5AI score0.00727EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:11 a.m.46 views

CVE-2024-12063

CVE-2024-12063 affects imartinez/privategpt v0.6.2. The vulnerability is a DoS in the file upload feature caused by improper handling of form-data with an excessively large filename, which can overwhelm the server and render it unavailable to legitimate users. The exploitation details are not pro...

7.5CVSS7.5AI score0.00727EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.11 views

CVE-2024-8029 Stored XSS in imartinez/privategpt

An XSS vulnerability was discovered in the upload files process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks...

4.7CVSS0.00329EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.45 views

CVE-2024-8029

CVE-2024-8029 applies to imartinez/privategpt v0.5.0 and is a Stored XSS in the file upload path. The root cause is the ability to upload SVG files that contain JavaScript, which is executed when a user clicks the link, enabling data theft, session hijacking, malware distribution, or phishing as ...

6.1CVSS6.2AI score0.00329EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.9 views

PT-2025-12119 · Unknown · Imartinez/Privategpt

Name of the Vulnerable Software and Affected Versions: imartinez/privategpt version v0.6.2 Description: A Denial of Service DoS vulnerability exists in the file upload feature. The issue is due to improper handling of form-data with a large filename in the file upload request. An attacker can...

7.5CVSS7.3AI score0.00727EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.5 views

PT-2024-38757 · Imartinez +2 · Imartinez/Privategpt +1

Name of the Vulnerable Software and Affected Versions: imartinez/privategpt version 0.5.0 Description: An XSS vulnerability exists in the file upload process. Attackers can upload malicious SVG files that execute JavaScript when victims click on the file link. This can lead to user data theft,...

6.1CVSS4.6AI score0.00329EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2024/11/14 5:32 p.m.7 views

CVE-2024-4343 Python Command Injection in imartinez/privategpt

A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...

9.8CVSS8.4AI score0.0261EPSS
Exploits1References2
CVE
CVE
added 2024/11/14 5:32 p.m.59 views

CVE-2024-4343

The CVE-2024-4343 entry describes a Python command injection in the imartinez/privategpt project. Affected component: SagemakerLLM.complete() in ./private_gpt/components/llm/custom/sagemaker.py, with versions up to and including 0.3.0. Root cause: unsafe parsing of a remote SageMaker LLM endpoint...

9.8CVSS9.8AI score0.0261EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/11/14 5:32 p.m.21 views

CVE-2024-4343 Python Command Injection in imartinez/privategpt

A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...

9.8CVSS0.0261EPSS
Exploits1References2
NVD
NVD
added 2024/06/27 7:15 p.m.16 views

CVE-2024-5936

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...

6.1CVSS0.28925EPSS
Exploits1References1
OSV
OSV
added 2024/06/27 7:15 p.m.2 views

CVE-2024-5936

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...

6.1CVSS4.4AI score
Exploits0References1
CVE
CVE
added 2024/06/27 6:45 p.m.50 views

CVE-2024-5935

CVE-2024-5935 describes a CSRF vulnerability in imartinez/privategpt version 0.5.0 that lets an attacker delete all uploaded files on the server, causing data loss and service disruption for users. The issue stems from a CSRF flaw affecting the file-deletion functionality. Public details across m...

5.4CVSS6AI score0.00179EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/27 6:45 p.m.17 views

CVE-2024-5935 CSRF Vulnerability in imartinez/privategpt

A Cross-Site Request Forgery CSRF vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's users...

5.4CVSS7AI score0.00179EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/27 6:45 p.m.12 views

CVE-2024-5936 Open Redirect in imartinez/privategpt

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...

4.3CVSS7AI score0.28925EPSS
Exploits1References1
CVE
CVE
added 2024/06/27 6:45 p.m.66 views

CVE-2024-5936

CVE-2024-5936 affects imartinez/privategpt

6.1CVSS4.5AI score0.28925EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder