Siemens SCALANCE LPE9403 SFTP Functional Path Traversal Vulnerability
Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens. It is used to capture, collect and pre-process industrial field data. A path traversal vulnerability exists in Siemens SCALANCE LPE9403 6GK5998-3GS00-2AC2 V4.0 and earlier versions, which stem...
Mattermost Command Execution Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a command execution vulnerability that stems from unrestricted command execution in an archive channel, which can be exploited by an attacker to run commands in an archive chann...
GPT Academic Denial of Service Vulnerability
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a denial of service vulnerability that can be exploited by an attacker to cause a regular expression denial of service attack...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-06307)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Fortinet FortiNAC-F Trust Management Issues Vulnerability
Fortinet FortiNAC-F is a set of network access control solutions from the American company Fortinet. The product is mainly used for network access control and IoT security. Fortinet FortiNAC-F suffers from a trust management issue vulnerability that stems from improper certificate validation, which...
D-Link DIR-605L/DIR-618 formAdvFirewall Function Access Control Error Vulnerability
The D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China-based D-Link. An access control error vulnerability exists in the D-Link DIR-605L version 3.02 and the D-Link DIR-618 version 2.02, which stems from improper access control in the file /goform/formAdvFirewall, and ca...
D-Link DIR-605L/DIR-618 formSetPortTr Function Access Control Error Vulnerability
The D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China-based D-Link. An access control error vulnerability exists in the D-Link DIR-618 version 2.02 and the D-Link DIR-605L version 3.02, which stems from improper access control in the file /goform/formSetPortTr, and can ...
lunary PATCH Endpoint Authorization Issue Vulnerability
lunary is an open source production toolkit for LLMs. lunary has an authorization issue vulnerability that stems from improper management of PATCH endpoint privileges, which an attacker can exploit to cause low-privilege users to modify others' models...
HDF5 H5MM_strndup function buffer overflow vulnerability
HDF5 is an open source library from HDF. HDF5 has a buffer overflow vulnerability that stems from the H5MM_strndup function failing to correctly validate the length of the input data, which an attacker can exploit to cause a denial of service...
Vehicle Record Management System index.php File SQL Injection Vulnerability
Vehicle Record Management System is a vehicle record management system. Vehicle Record Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the searchinputdata parameter of index.php. An attacker can exploit this...
Remote code execution vulnerability in Ingress NGINX Controller (CNVD-2025-05883)
Ingress NGINX Controller is an open source ingress controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that can be exploited by an attacker to gain access to sensitive data such as credentials and keys across...
Remote code execution vulnerability in Ingress NGINX Controller (CNVD-2025-05884)
Ingress NGINX Controller is an open source ingress controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that can be exploited by an attacker to gain access to sensitive data such as credentials and keys across...
ChuanhuChatGPT HTML Injection Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. An HTML injection vulnerability exists in chuanhuchatgpt version 20b2e02, which stems from improper HTML tag cleanup in chat history uploads,...
ChuanhuChatGPT Security Bypass Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT suffers from a security bypass vulnerability that originates when a username is provided via a client-side HTTP request, which...
Dell ThinOS Authorization Issue Vulnerability
Dell ThinOS is a client operating system from the American company Dell. An authorization issue vulnerability exists in Dell ThinOS 2408 and prior versions, which arises from improper privilege settings and can be exploited by a local, low-privilege attacker to cause an elevation of privilege...
Fortinet FortiSOAR Code Injection Vulnerability (CNVD-2025-12797)
Fortinet FortiSOAR is a Security Orchestration, Automation and Response (SOAR) solution from Fortinet. A code injection vulnerability exists in Fortinet FortiSOAR that stems from improper code generation controls and can be exploited by an attacker to cause arbitrary code to be executed...
Dell Secure Connect Gateway Information Disclosure Vulnerability
The Dell Secure Connect Gateway (Dell SCG) is a secure connectivity gateway from Dell, USA. The Dell Secure Connect Gateway suffers from an information disclosure vulnerability that originates when sensitive system information is exposed to an unauthorized control domain, which can be exploited by ...
Tenda AC7 Buffer Overflow Vulnerability (CNVD-2025-07593)
Tenda AC7 is a wireless router from Tenda, a Chinese company. The Tenda AC7 suffers from a buffer overflow vulnerability that originates from the timeZone parameter of the formfastsettingwifiset function failing to properly validate the length of the input data, which can be exploited by an...
ChuanhuChatGPT server-side request forgery vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. A server-side request forgery vulnerability exists in ChuanhuChatGPT version 20240914, which stems from a vulnerability that allows a respons...
LibreChat Denial of Service Vulnerability (CNVD-2025-06064)
LibreChat is an enhanced ChatGPT clone. A denial-of-service vulnerability exists in LibreChat that stems from certain API endpoints not handling incorrectly formatted input when received, which can be exploited by an attacker to cause the server to crash...
Dell PowerEdge FX2 and Dell PowerEdge VRTX Buffer Overflow Vulnerability
The Dell PowerEdge FX2 and Dell PowerEdge VRTX are both products of Dell, Inc. The Dell PowerEdge FX2 is a 2U hybrid rackmount computing platform. The Dell PowerEdge VRTX is a mini server with a built-in storage system.... The Dell PowerEdge FX2 and Dell PowerEdge VRTX have a buffer overflow...
GPT Academic Path Traversal Vulnerability
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a path traversal vulnerability that can be exploited by an attacker to read a config.py file containing sensitive information...
GPT Academic File Read Vulnerability
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. A file read vulnerability exists in GPT Academic, which stems from a failure of the HotReload feature to properly validate user input, and can be exploited by an attacker to read...
GPT Academic Command Injection Vulnerability
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a command injection vulnerability that stems from a security issue with the CodeInterpreter plugin, which can be exploited by an attacker to achieve Remote Co...
phpIPAM Device Management Section Cross-Site Scripting Vulnerability
phpIPAM is an open source PHP- and MySQL-based IP address management (IPAM) application. A cross-site scripting vulnerability exists in phpIPAM version 1.5.2, which stems from the lack of effective filtering and escaping of user-supplied data in the Device Management section,...
LibreChat Denial of Service Vulnerability
LibreChat is an enhanced ChatGPT clone. LibreChat suffers from a denial of service vulnerability that can be exploited by an attacker to cause a server crash...
LibreChat Arbitrary File Deletion Vulnerability
LibreChat is an enhanced ChatGPT clone. An arbitrary file deletion vulnerability exists in LibreChat, which stems from improper /api/files endpoint input validation, and can be exploited by an attacker to cause arbitrary file deletion...
lunary /users/me/org endpoint improper authorization vulnerability
lunary is an open source production toolkit for LLMs. An improper authorization vulnerability exists in lunary, which stems from an insufficient access control mechanism at the /users/me/org endpoint, and can be exploited by an attacker to obtain sensitive information...
lunary access control error vulnerability (CNVD-2025-07602)
lunary is an open source production toolkit for LLMs. An access control error vulnerability exists in lunary, which stems from improper access control on the /v1/datasets endpoint, and can be exploited by an attacker to gain access to unauthorized datasets...
GPT Academic Open Redirect Vulnerability
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from an open redirection vulnerability that originates from a user redirecting to a URL specified by the user-controlled file parameter without proper validation o...
GPT Academic Cross-Site Request Forgery Vulnerability (CNVD-2025-22738)
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a cross-site request forgery vulnerability that stems from a web application that does not adequately verify that a request is from a trusted user. An attacke...
Unspecified Vulnerability in Lunary
Lunary is an open source production toolkit for LLMs. A security vulnerability exists in Lunary versions prior to 1.5.9, which stems from a security issue in /v1/evaluators/endpoints, and can be exploited by an attacker to delete evaluator data, resulting in permanent data loss and potentia...
GPT Academic Denial of Service Vulnerability (CNVD-2025-22732)
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. A denial of service vulnerability exists in GPT Academic, which stems from a security issue in the file upload feature that can be exploited by an attacker to cause a denial of service...
ChuanhuChatGPT Denial of Service Vulnerability (CNVD-2025-06188)
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT suffers from a denial of service vulnerability that stems from the use of an insecure regular expression. An attacker can...
GPT Academic Command Injection Vulnerability (CNVD-2025-22740)
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a command injection vulnerability that stems from improper handling of user-supplied prompts in the manim plugin, which can be exploited by an attacker to cau...
lunary cross-site scripting vulnerability (CNVD-2025-08307)
lunary is an open source production toolkit for LLMs. lunary has a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data in the SAML IdP XML metadata, which an attacker can exploit to obtain and modify sensitive...
GPT Academic Cross-Site Scripting Vulnerability
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a cross-site scripting vulnerability that stems from the Latex Proof-Reading Module's lack of effective filtering and escaping of user-supplied data, which ca...
D-Link DIR-605L/DIR-618 formAdvNetwork Function Access Control Error Vulnerability
The D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China-based D-Link. An access control error vulnerability exists in the D-Link DIR-605L version 3.02 and the D-Link DIR-618 version 2.02, which stems from improper access control in the file /goform/formAdvNetwork, and can...
D-Link DIR-605L/DIR-618 formVirtualServ Function Access Control Error Vulnerability
The D-Link DIR-605L and D-Link DIR-618 are both wireless routers from China-based D-Link. An access control error vulnerability exists in the D-Link DIR-605L and D-Link DIR-618 that stems from improper access control of the file /goform/formVirtualServ, which can be exploited by an attacker ...
D-Link DSL-3788 Buffer Overflow Vulnerability
The D-Link DSL-3788 is a modem from China-based D-Link. The D-Link DSL-3788 suffers from a buffer overflow vulnerability that stems from the webproc cgi's COMMMAKECustomMsg function failing to correctly validate the length of the input data, which can be exploited by an attacker to cause a...
ChuanhuChatGPT Cross-Site Scripting Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping o...
Lunary /api/v1/data-warehouse/bigquery endpoint access control error vulnerability
Lunary is an open source production toolkit for LLMs. Lunary suffers from an access control error vulnerability that originates from the POST /api/v1/data-warehouse/bigquery endpoint lacking proper access control, which can be exploited by an attacker to obtain sensitive information...
lunary authorization issue vulnerability (CNVD-2025-07603)
lunary is an open source production toolkit for LLMs. An authorization issue vulnerability exists in lunary that stems from the checklists.post endpoint not being properly privilege-validated and can be exploited by an attacker to cause unauthorized creation or modification of checklists...
Unspecified vulnerability in Lunary (CNVD-2025-06939)
Lunary is an open source production toolkit for LLMs. A security vulnerability exists in Lunary version be54057 that stems from allowing users to upload and execute arbitrary regular expressions, which can be exploited by an attacker to potentially cause a denial of service...
Unspecified vulnerability in Lunary (CNVD-2025-06936)
Lunary is an open source production toolkit for LLMs. A security vulnerability exists in Lunary version afc5df4 that stems from a flaw in the permission checking mechanism, which an attacker can exploit to cause unauthorized access to sensitive endpoints...
Unspecified vulnerability in Lunary (CNVD-2025-06940)
Lunary is an open source production toolkit for LLMs. A security vulnerability exists in Lunary version 105a3f6 that originates from allowing users to upload and execute arbitrary regular expressions, which can be exploited by an attacker to potentially cause a regular expression denial of...
lunary authorization issue vulnerability (CNVD-2025-07599)
lunary is an open source production toolkit for LLMs. An authorization issue vulnerability exists in lunary that stems from the /checklists/:id route not being properly access controlled, which can be exploited by an attacker to cause a low-privileged user to modify the checklist...
lunary authorization issue vulnerability (CNVD-2025-07598)
lunary is an open source production toolkit for LLMs. An authorization issue vulnerability exists in lunary that stems from /bigquery API routing without proper access control. No detailed vulnerability details are provided at this time...
lunary denial of service vulnerability (CNVD-2025-07604)
lunary is an open source production toolkit for LLMs. A denial of service vulnerability exists in lunary that stems from the use of an insecure regular expression in the compileTextTemplate function. An attacker can exploit this vulnerability to cause a denial of service...
Unspecified vulnerability in Lunary (CNVD-2025-06938)
Lunary is an open source production toolkit for LLMs. A security vulnerability exists in lunary that stems from a user-created endpoint that does not restrict administrators from inviting users with billing roles, which can be exploited by an attacker to cause unauthorized access...