11 matches found
NextChat - Server-Side Request Forgery
NextChat v2.12.3 suffers from a Server-Side Request Forgery (SSRF) and Cross-Site Scripting vulnerability due to a lack of validation of the GET parameter on the WebDav API endpoint. id: CVE-2024-38514 info: name: NextChat - Server-Side Request Forgery author: DhiyaneshDk severity: high description...
EUVD-2023-43657
Malicious code in bioql PyPI...
CVE-2024-38514
NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS requests from the vulnerable instance (MKCOL, PUT and GET...
CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)
NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS requests from the vulnerable instance (MKCOL, PUT and GET...
CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)
NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS requests from the vulnerable instance (MKCOL, PUT and GET...
PT-2024-28043 · Nextchat · Nextchat
Name of the Vulnerable Software and Affected Versions: NextChat versions prior to 2.12.4. Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. This is due to a lack of validation of the endpoint GET parameter on the "WebDav API endpoint". The SSRF can be used to...
ownCloud Security Breach
ownCloud is a personal cloud storage solution from US-based ownCloud, Inc. A security vulnerability exists in ownCloud core versions 10.6.0 through 10.13.0, which can be exploited to bypass WebDAV API authentication using a pre-signed URL...
SUSE CVE-2023-39960
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing...
Nextcloud Server < 22.2.10.14, 23.x < 23.0.12.9, 24.x < 24.0.12.5, 25.x < 25.0.9, 26.x < 26.0.4 Improper Access Control Vulnerability (GHSA-2hrc-5fgp-c9c9)
Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Code injection
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing...
CVE-2023-39960
Technical details for CVE-2023-39960 are not publicly available in the provided documents; monitor for updates.