Lucene search
K

5 matches found

CVE
CVE
added yesterday12 views

CVE-2026-59707

CVE-2026-59707 : LocalAI exposes an unauthenticated SSRF via POST /models/apply. The endpoint forwards unsanitized gallery URL fields to gallery.GetGalleryConfigFromURLWithContext, allowing requests to internal/private/loopback URLs and leaking partial responses in error messages. No exploitation...

9.2CVSS6.1AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-59707

LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper...

9.2CVSS6.1AI score
Exploits0References5
CVE
CVE
added 2024/07/06 5:48 p.m.88 views

CVE-2024-6095

Vulnerability: LocalAI (mudler/localai) 2.15.0 has a SSRF and partial LFI in the /models/apply endpoint. The endpoint accepts both http(s):// and file:// schemes, with file:// enabling local-file access. Impact is described as potential unauthorized access to internal HTTP(S) services and partial...

5.8CVSS5.2AI score0.02475EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/07/06 12:0 a.m.4 views

LocalAI Code Issues Vulnerabilities

LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A code issue vulnerability exists in LocalAI version 2.15.0, which stems from a cross-site request forgery and local file inclusion vulnerability in the /models/apply API...

5.8CVSS6.8AI score0.02475EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/07/06 12:0 a.m.7 views

PT-2024-37382 · Unknown · Mudler/Localai

Name of the Vulnerable Software and Affected Versions: mudler/localai versions 2.15.0 Description: A vulnerability in the "/models/apply" endpoint allows for Server-Side Request Forgery SSRF and partial Local File Inclusion LFI. The endpoint supports both https:// and file:// schemes, where the...

5.8CVSS5.7AI score0.02475EPSS
Exploits1References9
Rows per page
Query Builder