5 matches found
EUVD-2025-7023
Malicious code in bioql PyPI...
CVE-2024-9308
An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...
CVE-2024-11449
A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation o...
CVE-2024-9308
The CVE-2024-9308 entry concerns an open redirect in haotian-liu/llava v1.2.0 (LLaVA-1.6). The vulnerability stems from an open redirect that allows a remote, unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. Documented impact mentions phishing, malware...
CVE-2024-9311
The vulnerability CVE-2024-9311 affects haotian-liu/llava v1.2.0 (LLaVA-1.6). A CSRF flaw lets an attacker upload files with malicious content without authentication, storing them in a predictable path and enabling arbitrary JavaScript execution in the victim’s browser when visiting the crafted f...