Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

34 matches found

RedhatCVE
RedhatCVEadded yesterday3 views

CVE-2026-6608

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

6.9CVSS5.5AI score0.00049EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/20 6:31 a.m.0 views

EUVD-2026-23778

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

6.9CVSS5.2AI score0.00024EPSS
Exploits0References9
EUVD
EUVDadded 2026/04/20 6:31 a.m.2 views

EUVD-2026-23780

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

6.9CVSS5.5AI score0.00049EPSS
Exploits0References7
NVD
NVDadded 2026/04/20 5:16 a.m.2 views

CVE-2026-6607

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

6.9CVSS0.00024EPSS
Exploits0References8
Vulnrichment
Vulnrichmentadded 2026/04/20 5:15 a.m.1 views

CVE-2026-6608 lm-sys fastchat Arena Side-by-Side View add_text control flow

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

6.9CVSS5.7AI score0.00049EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/04/20 5:15 a.m.0 views

CVE-2026-6608

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

6.9CVSS5.5AI score0.00049EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/20 5:0 a.m.1 views

CVE-2026-6607 lm-sys fastchat Worker API Endpoint api_generate resource consumption

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

6.9CVSS5.2AI score0.00024EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/04/20 5:0 a.m.1 views

CVE-2026-6607

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

6.9CVSS5.2AI score0.00024EPSS
Exploits0References8Affected Software1
CVE
CVEadded 2026/04/20 5:0 a.m.11 views

CVE-2026-6607

CVE-2026-6607 affects lm-sys FastChat up to version 0.2.36, specifically the Worker API Endpoint function api_generate. The issue allows remote manipulation leading to resource consumption; CVE details indicate a publicly disclosed exploit and a patch is available (patch id c9e84b89c91d45191dc244...

6.9CVSS5.5AI score0.00024EPSS
Exploits0References8
Positive Technologies
Positive Technologiesadded 2026/04/20 12:0 a.m.3 views

PT-2026-33713

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api generate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

6.9CVSS5.2AI score0.00024EPSS
Exploits0References9
OSV
OSVadded 2026/03/25 5:4 a.m.1 views

MAL-2026-2178 Malicious code in lm-sys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 69240e51e47ad6f05a6d2e98047b80c3beb9f2e05d1449b50606c812b9eb1c1e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
NVD
NVDadded 2025/04/16 9:15 a.m.16 views

CVE-2025-3677

A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the function splitfiles/applydeltalowcpumem of the file fastchat/model/applydelta.py. The manipulation leads to deserialization. An attack has to be approached locally...

5.3CVSS0.00213EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2025/04/16 8:31 a.m.4 views

CVE-2025-3677 lm-sys fastchat apply_delta.py apply_delta_low_cpu_mem deserialization

A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the function splitfiles/applydeltalowcpumem of the file fastchat/model/applydelta.py. The manipulation leads to deserialization. An attack has to be approached locally...

5.3CVSS5.4AI score0.00213EPSS
Exploits0References4
CVE
CVEadded 2025/04/16 8:31 a.m.61 views

CVE-2025-3677

CVE-2025-3677 affects lm-sys fastchat up to 0.2.36. A vulnerability in fastchat/model/apply_delta.py -> split_files/apply_delta_low_cpu_mem allows deserialization when manipulated locally. The connected docs specify a local-access exploitation vector; no exploit details are provided and no rem...

5.3CVSS5.4AI score0.00213EPSS
Exploits0References4
Cvelist
Cvelistadded 2025/04/16 8:31 a.m.15 views

CVE-2025-3677 lm-sys fastchat apply_delta.py apply_delta_low_cpu_mem deserialization

A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the function splitfiles/applydeltalowcpumem of the file fastchat/model/applydelta.py. The manipulation leads to deserialization. An attack has to be approached locally...

5.3CVSS0.00213EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2025/03/22 12:27 p.m.5 views

CVE-2024-12376

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS6.9AI score0.00443EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/03/22 12:9 p.m.6 views

CVE-2024-10912

A Denial of Service DoS vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

7.5CVSS6.9AI score0.00244EPSS
Exploits1References1
OSV
OSVadded 2025/03/20 12:32 p.m.0 views

GHSA-G44M-HPF4-VMRP FastChat Server-Side Request Forgery vulnerability

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS7.1AI score0.00443EPSS
Exploits1References3
NVD
NVDadded 2025/03/20 10:15 a.m.3 views

CVE-2024-12376

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS0.00443EPSS
Exploits1References1
OSV
OSVadded 2025/03/20 10:15 a.m.0 views

CVE-2024-12376

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS5.8AI score0.00443EPSS
Exploits1References1
Rows per page
Query Builder