Lucene search
K

6 matches found

OSV
OSV
added 2026/07/02 7:41 p.m.4 views

CVE-2026-59095 LobeChat < 2.2.10-canary.18 - SSRF via importFromUrl and fetchImageFromUrl

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS6AI score0.00235EPSS
Exploits0References6
OSV
OSV
added 2026/05/05 6:4 p.m.7 views

GHSA-XQ4X-622M-Q8FQ LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution

Summary The vulnerability was automatically discovered by an ai agent and then manually verified. LobeChat's message rendering mechanism has a stored cross-site scripting XSS vulnerability. Combined with the Electron main process's exposed insecure IPC interface, attackers can construct malicious...

6.2CVSS6.5AI score0.00266EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.15 views

PT-2026-37247

Name of the Vulnerable Software and Affected Versions LobeHub versions prior to 2.1.48 Description A stored cross-site scripting XSS issue exists in the message rendering mechanism. When processing custom tags in the src/features/Portal/Artifacts/Body/Renderer/index.tsx render process, the softwa...

6.2CVSS6.5AI score0.00266EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/02/03 12:0 a.m.4 views

LobeChat < 0.122.4 Improper Access Control

According to the self-reported version in its response header, the version of LobeChat hosted on the remote web server is prior to 0.122.4. It is, therefore, affected by an Improper Access Control allowing access plugins without proper authorization. Note that the scanner has not tested for these...

5.3CVSS7.4AI score0.00482EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/02/03 12:0 a.m.5 views

LobeChat < 1.19.13 Server-Side Request Forgery

According to the self-reported version in its response header, the version of LobeChat hosted on the remote web server is prior to 1.19.13. It is, therefore, affected by multiples Server-Side Request Forgery : - A Server-Side Request Forgery through proxy address - A Server-Side Request Forgery...

9CVSS7.4AI score0.23716EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2025/02/03 12:0 a.m.3 views

LobeChat < 0.150.6 Server-Side Request Forgery

According to the self-reported version in its response header, the version of LobeChat hosted on the remote web server is prior to 0.150.6. It is, therefore, affected by a Server-Side Request Forgery through agent proxy configuration. Note that the scanner has not tested for these issues but has...

9CVSS7.4AI score0.52683EPSS
Exploits2References2
Rows per page
Query Builder