9 matches found
CVE-2026-3789
A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl...
CVE-2026-3789
A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl...
CVE-2026-3789 Bytedesk SpringAIGiteeRestController SpringAIGiteeRestService.java getModels server-side request forgery
A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl...
CVE-2026-3789 Bytedesk SpringAIGiteeRestController SpringAIGiteeRestService.java getModels server-side request forgery
A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl...
CVE-2026-3789
CVE-2026-3789 affects Bytedesk up to version 1.3.9, specifically the getModels function in SpringAIGiteeRestService.java within SpringAIGiteeRestController. The vulnerability arises from manipulating the apiUrl argument, leading to server-side request forgery and remote exploitation. An exploit i...
CVE-2026-3788
CVE-2026-3788 affects Bytedesk up to version 1.3.9, specifically the SpringAIOpenrouterRestController/SpringAIOpenrouterRestService.getModels path. The root cause is manipulation of the apiUrl parameter in getModels inside source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/Sp...
PT-2026-23988
Name of the Vulnerable Software and Affected Versions Bytedesk versions up to 1.3.9 Description A server-side request forgery condition exists in Bytedesk. The issue is located in the getModels function within the SpringAIOpenrouterRestController component, specifically in the file...
PT-2026-23989
Name of the Vulnerable Software and Affected Versions Bytedesk versions up to 1.3.9 Description A server-side request forgery condition exists in the getModels function within the SpringAIGiteeRestController component of Bytedesk. Manipulation of the apiUrl argument can lead to server-side reques...
PT-2013-6301 · Zenphoto · Zenphoto
Name of the Vulnerable Software and Affected Versions: Zenphoto versions prior to 1.4.5.4 Description: The issue is related to a cross-site scripting XSS vulnerability in the export function. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the URI...