56 matches found
EUVD-2025-7026
Malicious code in bioql PyPI...
EUVD-2025-14244
Malicious code in bioql PyPI...
EUVD-2024-47064
Malicious code in bioql PyPI...
EUVD-2025-6936
Malicious code in bioql PyPI...
EUVD-2024-47065
Malicious code in bioql PyPI...
CVE-2024-5936
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...
CVE-2024-5935
A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's users...
CVE-2025-4515
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument allow_origins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the...
CVE-2025-4515
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument allow_origins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the...
CVE-2025-4515
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument allow_origins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the...
CVE-2025-4515 Zylon PrivateGPT settings.yaml cross-domain policy
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument allow_origins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the...
CVE-2025-4515 Zylon PrivateGPT settings.yaml cross-domain policy
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument allow_origins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the...
CVE-2025-4515
CVE-2025-4515 affects Zylon PrivateGPT up to 0.6.2. The issue resides in an unknown part of settings.yaml where manipulating the allow_origins parameter yields a permissive cross-domain policy with untrusted domains, enabling remote initiation of an attack. Public disclosure exists. Practical imp...
PT-2025-20641 · Unknown · Zylon Privategpt
Name of the Vulnerable Software and Affected Versions: Zylon PrivateGPT versions up to 0.6.2 Description: A problematic issue was found in Zylon PrivateGPT, affecting an unknown part of the file settings.yaml. The manipulation of the allow origins argument leads to a permissive cross-domain polic...
PrivateGPT Security Vulnerability
PrivateGPT is an AI project open-sourced by Zylon. A security vulnerability exists in PrivateGPT version 0.6.2 and earlier, which stems from improper cross-domain policy due to misuse of the parameter allow_origins in the file settings.yaml...
CVE-2024-8029
An XSS vulnerability was discovered in the upload files process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks...
CVE-2024-8018
A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering privateGPT inaccessible...
CVE-2024-8029
An XSS vulnerability was discovered in the upload files process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks...
CVE-2024-8018
A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering privateGPT inaccessible...
CVE-2024-12063 Denial of Service in imartinez/privategpt
A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...