5 matches found

Github Security Blog
added 2026/06/17 2:10 p.m. | 8 views

Open WebUI: Cross-origin postMessage confirmation bypass via action:submit

Summary: The chat message listener allows non-same-origin input:prompt and action:submit messages, so an external site can set prompt text and trigger submitPrompt in an authenticated victim session. I validated this with a cross-origin attacker page that auto-posted messages and caused unauthoriz...

CVSS 7.1 | AI score 5.5 | EPSS 0.00162
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2025/02/05 10:44 a.m. | 11 views

CVE-2024-21513

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution: when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary Python code if the...

CVSS 8.5 | AI score 8 | EPSS 0.01864
Exploits: 1 | References: 1
Vulnrichment
added 2024/07/15 5:0 a.m. | 15 views

CVE-2024-21513

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution: when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary Python code if the...

CVSS 8.5 | AI score 8.4 | EPSS 0.01864
Exploits: 1 | References: 3
CVE
added 2024/07/15 5:0 a.m. | 72 views

CVE-2024-21513

langchain-experimental versions 0.0.15 and earlier than 0.0.21 are vulnerable to Arbitrary Code Execution via eval() on database-retrieved values when using VectorSQLDatabaseChain. The vulnerability requires an attacker to influence the input prompt and can enable Python code execution on the ser...

CVSS 8.5 | AI score 8.2 | EPSS 0.01864
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2015/08/16 11:0 p.m. | 25 views

CVE-2015-3729

Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site...

AI score 8.3 | EPSS 0.02165
Exploits: 0 | References: 6