15 matches found
CVE-2024-10812
An open redirect vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...
CVE-2024-10956
GPT Academy version 3.83 in the binary-husky/gptacademic repository is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting...
CVE-2024-10986
GPT Academic version 3.83 is vulnerable to a Local File Read LFI vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, the application overlooks the Tarslip triggered by symlinks...
CVE-2024-11031
In version 3.83 of binary-husky/gptacademic, a Server-Side Request Forgery SSRF vulnerability exists in the MarkdownTranslate.getfilesfromeverything API. This vulnerability is exploited through the HotReloadMarkdown翻译中 plugin function, which allows downloading arbitrary web hosts by only checking...
CVE-2024-11033
A Denial of Service DoS vulnerability exists in the file upload feature of binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an...
CVE-2024-11030 SSRF in binary-husky/gpt_academic
GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery SSRF vulnerability through its HotReload plugin function, which calls the crazyutils.getfilesfromeverything API without proper sanitization. This allows attackers to exploit the vulnerability to abuse the victim GPT Academic...
CVE-2024-10812
CVE-2024-10812 affects binary-husky/gpt_academic (v3.83) with an open redirect via the file parameter. The Nuclei template for GPT Academic v1.3.9 confirms the issue arises from user-controlled input that redirects to attacker-controlled URLs, enabling phishing, malware distribution, and credenti...
PT-2025-12066 · Unknown · Binary-Husky/Gpt Academic
Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version 3.83 Description: A Cross-Site Request Forgery CSRF issue allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads an...
PT-2025-12086 · Unknown · Gpt Academy
Name of the Vulnerable Software and Affected Versions: GPT Academy version 3.83 Description: GPT Academy version 3.83 is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server...
CVE-2024-10100
A path traversal vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...
CVE-2024-10101 Stored XSS in binary-husky/gpt_academic
A stored cross-site scripting XSS vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...
CVE-2024-10101 Stored XSS in binary-husky/gpt_academic
A stored cross-site scripting XSS vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payloa...
CVE-2024-10100 Path Traversal in binary-husky/gpt_academic
A path traversal vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...
PT-2024-16028 · Unknown · Binary-Husky/Gpt Academic
Name of the Vulnerable Software and Affected Versions: binary-husky/gpt academic version 3.83 Description: A stored cross-site scripting XSS vulnerability exists in the software. The vulnerability occurs at the "/file" endpoint, which renders HTML files. Malicious HTML files containing XSS payloa...
CVE-2022-36301
BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password...