CVE-2026-24471

continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room rejecting an invite, joining a room or knocking on a room, the...

CVE-2026-24471 Improper Validation in Conduit-derived homeservers resulting in Unintended Proxy or Intermediary ('Confused Deputy')

continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room rejecting an invite, joining a room or knocking on a room, the...

CVE-2026-24471

continuwuity is a Matrix homeserver written in Rust. This vulnerability allows an attacker with a malicious remote server to cause the local server to sign an arbitrary event upon user interaction. Upon a user account leaving a room rejecting an invite, joining a room or knocking on a room, the...

PT-2026-5720

Name of the Vulnerable Software and Affected Versions Continuwuity versions prior to 0.5.1 Conduit versions prior to 0.10.11 Grapevine versions prior to 0aae932b Tuwunel versions prior to 1.4.9 Description A flaw exists that allows a malicious remote server to cause a local server to sign an...

CVE-2025-12487

oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...

CVE-2025-12487

oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...

CVE-2025-12487

oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...

CVE-2025-12487

CVE-2025-12487 affects the oobabooga text-generation-webui stack, specifically the trust_remote_code handling on the join endpoint. The root cause is the lack of proper validation of a user-supplied argument before loading a model, enabling an attacker to execute arbitrary code in the context of ...

CVE-2025-12487 oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability

oobabooga text-generation-webui trustremotecode Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this...

PT-2025-44565

Name of the Vulnerable Software and Affected Versions oobabooga text-generation-webui version 2.5 Description The software contains a remote code execution issue stemming from reliance on untrusted inputs. This allows attackers to execute arbitrary code on affected systems without authentication...

oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the trustremotecode parameter provided to the join...

GHSA-H254-G997-685C FastChat Server-Side Request Forgery vulnerability

A Server-Side Request Forgery SSRF vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...

PT-2024-7644

Name of the Vulnerable Software and Affected Versions Vault Community versions prior to 1.18.1 Vault Enterprise versions prior to 1.18.1, 1.17.8, and 1.16.12 Description The issue is related to the Raft Consensus Algorithm in the Integrated Storage of HashiCorp Vault and Vault Enterprise, which c...

SUSE CVE-2024-47167

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery SSRF in the /queue/join endpoint. Gradio's asyncsaveurltocache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This...

Server-side Request Forgery (SSRF)

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the asyncsaveurltocache function in the /queue/join endpoint. An attacker can send HTTP requests to...

VulnCheck KEV: CVE-2024-4325

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to...

PYSEC-2024-269

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the /queue/join? endpoint with "fnindex":66. This unrestricted server restart capability can severely disrupt service availability, cause data loss or...

PYSEC-2024-269

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the /queue/join? endpoint with "fnindex":66. This unrestricted server restart capability can severely disrupt service availability, cause data loss or...

GHSA-973G-55HP-3FRW Server-Side Request Forgery in gradio

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is us...

Server-Side Request Forgery in gradio

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is us...