56 matches found
EUVD-2024-47065
Malicious code in bioql PyPI...
EUVD-2025-7026
Malicious code in bioql PyPI...
EUVD-2025-14244
Malicious code in bioql PyPI...
EUVD-2024-47064
Malicious code in bioql PyPI...
EUVD-2025-6936
Malicious code in bioql PyPI...
CVE-2024-5936
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...
CVE-2024-5935
A Cross-Site Request Forgery CSRF vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's users...
CVE-2025-4515
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument alloworigins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the...
CVE-2025-4515
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument alloworigins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the...
CVE-2025-4515
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument alloworigins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the...
CVE-2025-4515
CVE-2025-4515 affects Zylon PrivateGPT up to 0.6.2. The issue resides in an unknown part of settings.yaml where manipulating the allow_origins parameter yields a permissive cross-domain policy with untrusted domains, enabling remote initiation of an attack. Public disclosure exists. Practical imp...
CVE-2025-4515 Zylon PrivateGPT settings.yaml cross-domain policy
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument alloworigins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the...
CVE-2025-4515 Zylon PrivateGPT settings.yaml cross-domain policy
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the argument alloworigins leads to permissive cross-domain policy with untrusted domains. It is possible to initiate the...
PrivateGPT 安全漏洞
PrivateGPT is an AI project open-sourced by Zylon. A security vulnerability exists in PrivateGPT version 0.6.2 and earlier, which stems from improper cross-domain policy due to misuse of the parameter alloworigins in the file settings.yaml...
PT-2025-20641 · Unknown · Zylon Privategpt
Name of the Vulnerable Software and Affected Versions: Zylon PrivateGPT versions up to 0.6.2 Description: A problematic issue was found in Zylon PrivateGPT, affecting an unknown part of the file settings.yaml. The manipulation of the allow origins argument leads to a permissive cross-domain polic...
CVE-2024-8029
An XSS vulnerability was discovered in the upload files process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks...
CVE-2024-8018
A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service DOS attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering privateGPT inaccessible...
CVE-2024-8029
An XSS vulnerability was discovered in the upload files process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks...
CVE-2024-8018
A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service DOS attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering privateGPT inaccessible...
CVE-2024-12063
CVE-2024-12063 affects imartinez/privategpt v0.6.2. The vulnerability is a DoS in the file upload feature caused by improper handling of form-data with an excessively large filename, which can overwhelm the server and render it unavailable to legitimate users. The exploitation details are not pro...