
5 matches found

Cvelist
added 2026/06/23 5:43 p.m., 37 views

CVE-2026-54157 LobeHub: Unauthenticated SSRF in `/webapi/proxy`

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. An attacker can use this to make...

CVSS 9 | EPSS 0.0178
Exploits: 0 | References: 1

CVE
added 2026/05/12 4:47 p.m., 16 views

CVE-2026-42045

CVE-2026-42045 affects LobeHub/LobeChat prior to version 2.1.48. The issue combines a client‑side XSS in the Render path (Renderer defaulting to HTMLRenderer for unknown tags) with an insecure IPC interface runCommand in the Electron main process. An attacker who can induce the LLM to emit malici...

CVSS 6.2 | AI score 6.2 | EPSS 0.00266
Exploits: 0 | References: 1

NVD
added 2026/04/08 8:16 p.m., 4 views

CVE-2026-39411

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, the webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR ke...

CVSS 7.1 | EPSS 0.00126
Exploits: 0 | References: 4

OSV
added 2026/04/08 3:4 p.m., 1 views

GHSA-5MWJ-V5JW-5C97 LobeHub: Unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header

Summary The webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR key is hardcoded in the repository, an attacker can forge arbitrary auth payloads and bypass authentication on protected...

CVSS 5 | AI score 6 | EPSS 0.00126
Exploits: 0 | References: 6

GithubExploit
added 2026/02/06 4:45 a.m., 227 views

Exploit for Server-Side Request Forgery in Lobehub Lobe_Chat

AAA CVE-2024-32964 SSRF Assessment Agentified Agent Assessmen...

CVSS 9 | AI score 8.2 | EPSS 0.52964
Exploits: 2