4072 matches found

Huntr
added 2024/10/31 8:36 a.m., 6 views

SSRF due to insufficient patch of CVE-2024-5822

This report is not public...

CVSS: 9.8, AI score: 7.1, EPSS: 0.00523
Exploits: 2

Huntr
added 2024/10/30 8:25 p.m., 5 views

(Blind) Stored XSS through the debug_log.html generated by the Latex Proof-Reading Module

This report is not public...

CVSS: 5.4, AI score: 7.1, EPSS: 0.00363
Exploits: 1

Huntr
added 2024/10/30 3:48 a.m., 4 views

High-Severity Command Injection Vulnerability in run_BingBertSquad.sh

This report is not public...

AI score: 7.1
Exploits: 0

Huntr
added 2024/10/28 7:45 a.m., 6 views

Denial of service cause by unhandled exception

Description In javascript express, if async router handler throw an exception, the whole server will crash. In librechat, middleware checkBan is not surrounded by try catch block. This middleware, under some crafted payload, will throw exception and cause server crash. This poc can be exploited b...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00864
Exploits: 1

Huntr
added 2024/10/28 4:42 a.m., 6 views

Denial of Service(DOS) in KnowledgeBaseWebReader

Target Target Description KnowledgeBaseWebReader class recursively calls getarticleurls method. If the attacker can control a url variable to contain the root URL, it can lead to infinite recursive calls involving the same root URL repeatedly. This would cause a Denial of Service DoS scenario,...

CVSS: 5.9, AI score: 7.3, EPSS: 0.0064
Exploits: 1

Huntr
added 2024/10/27 9:35 p.m., 4 views

SSRF Vulnerabilities found in Search and Github Integration AutoGPT Blocks

Hi, AutoGPT developers! Summary I have identified several Server-Side Request Forgery SSRF vulnerabilities in the default agent blocks provided by the AutoGPT platform. These vulnerabilities could lead to severe security issues, including credential leakage e.g., GitHub tokens, internal network...

CVSS: 6.5, AI score: 7, EPSS: 0.00525
Exploits: 0

Huntr
added 2024/10/26 8:54 a.m., 4 views

Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes

This report is not public...

CVSS: 8.8, AI score: 7.1, EPSS: 0.00542
Exploits: 1

Huntr
added 2024/10/26 5:23 a.m., 4 views

Missing check_access in lollms_binding_infos

This report is not public...

CVSS: 8, AI score: 7.1, EPSS: 0.00219
Exploits: 0

Huntr
added 2024/10/25 6:33 p.m., 5 views

Logs Debug Injection In File Download

Description In 2 API: /code/download/:sessionId/:fileId and /download/:userId/:fileid The parameters sessionId, fileId, userId, fileid are not validated or filtered at all but are saved directly to log.debug Proof of Concept Prepare: The logs file on the server is stored at /app/api/debug-.log I...

CVSS: 5.3, AI score: 5.2, EPSS: 0.00458
Exploits: 1

Huntr
added 2024/10/25 12:45 p.m., 4 views

SSRF via Custom Tool Testing

This report is not public...

CVSS: 6.5, AI score: 7.1, EPSS: 0.0061
Exploits: 1

Huntr
added 2024/10/25 8:24 a.m., 7 views

unhandled exception caused server crash

Description in javascript express framework, if async router handler throw an exception, the whole server will crash. In librechat, some API, when leading with some malformed input, will have uncaught exception. This will lead to server crash, thus a full denial of service. Mind that although thi...

CVSS: 6.5, AI score: 6.8, EPSS: 0.00796
Exploits: 1

Huntr
added 2024/10/25 4:45 a.m., 3 views

Admin account takeover due to allowed excessive guessing attempts for password reset code

This report is not public...

CVSS: 8.1, AI score: 7.1, EPSS: 0.00634
Exploits: 1

Huntr
added 2024/10/25 4:34 a.m., 5 views

Admin user account takeover due to password reset code not being checked on the backend

This report is not public...

CVSS: 8.1, AI score: 7.1, EPSS: 0.00614
Exploits: 1

Huntr
added 2024/10/23 6:4 p.m., 6 views

XSS in the edit HTML

This report is not public...

CVSS: 5.4, AI score: 7.1, EPSS: 0.00279
Exploits: 0

Huntr
added 2024/10/23 4:53 p.m., 8 views

XSS by uploading pdf file

This report is not public...

CVSS: 5.4, AI score: 7.1, EPSS: 0.00359
Exploits: 1

Huntr
added 2024/10/23 2:2 p.m., 6 views

SSRF via POST /internal/models/download and GET /view REST APIs

This report is not public...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00703
Exploits: 1

Huntr
added 2024/10/23 11:44 a.m., 3 views

Denial of service by memory exhaustion

This report is not public...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00664
Exploits: 0

Huntr
added 2024/10/23 8:58 a.m., 5 views

Allowing execution user provided regexp, lead to Redos

Description librechat have a functionality of uploading chatgpt chat log. when processing the log, following code is executed: const pattern = new RegExp \u3010$citation.metadata.extra.citedmessageidx\u2020.+?\u3011, 'g', ; const replacement = $citation.metadata.title; messageText =...

AI score: 7.2
Exploits: 0

Huntr
added 2024/10/23 8:14 a.m., 5 views

Missing access control on endpoint to list all evaluations in lunary-ai/lunary

Description The /v1/evaluators/ route allows users to fetch all evaluators of a project by sending a GET request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can access evaluator data. The current implementation: Does not...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00487
Exploits: 1

Huntr
added 2024/10/22 8:18 p.m., 3 views

Denial of service through memory exhaustion

This report is not public...

AI score: 7.1
Exploits: 0

Huntr
added 2024/10/22 6:51 p.m., 5 views

An user can view any others invite list

This report is not public...

CVSS: 4.3, AI score: 7.1, EPSS: 0.00508
Exploits: 1

Huntr
added 2024/10/22 3:18 p.m., 4 views

SSRF via POST /api/proxy

This report is not public...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00703
Exploits: 1

Huntr
added 2024/10/22 9:26 a.m., 6 views

RCE & Full Read SSRF & Arbitrary File Read in /web_crawl endpoint

Description The webcrawl function in documentapp.py contains a RCE vulnerability. This function receives the URL parameter, accesses and obtains the HTML content of the URL through Chromium headless, and converts the HTML content into a PDF file. Users can obtain the converted PDF file through th...

CVSS: 9.8, AI score: 9.6, EPSS: 0.17227
Exploits: 3

Huntr
added 2024/10/21 5:34 p.m., 4 views

SSRF via POST /v1/llm/add_llm and /v1/conversation/tts

This report is not public...

CVSS: 7.5, AI score: 7.1, EPSS: 0.0061
Exploits: 1

Huntr
added 2024/10/21 9:28 a.m., 4 views

URL check not complete, lead to SSRF

This report is not public...

CVSS: 6.5, AI score: 7.1, EPSS: 0.00561
Exploits: 1

Huntr
added 2024/10/20 5:5 p.m., 5 views

Denial of Service

This report is not public...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00664
Exploits: 0

Huntr
added 2024/10/20 4:11 p.m., 4 views

Web server DOS through run metrics

This report is not public...

CVSS: 7.5, AI score: 7.7, EPSS: 0.00727
Exploits: 1

Huntr
added 2024/10/19 9:6 a.m., 6 views

Improper Role Modification by Admins for Billing Permissions

Description Admins, who do not have direct permissions to access billing resources, are able to change the permissions of existing users to have billing permissions. This can lead to a privilege escalation scenario where an administrator can: 1. Change the role of an existing user to include...

CVSS: 7.3, AI score: 7.7, EPSS: 0.00469
Exploits: 1

Huntr
added 2024/10/19 7:59 a.m., 5 views

Lack of access control on /users/me/org endpoint

Description The /users/me/org route is not adequately protected by access control mechanisms such as a middleware. This lack of authorization allows unauthorized users to access information about all team members in the current organization, even if the user does not have sufficient privileges. A...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00496
Exploits: 1

Huntr
added 2024/10/19 1:27 a.m., 4 views

Remote Code Execution via Pickle Deserialization with Hard-Coded AuthKey in RPC Server

Description RagFlow implements an RPC server using Python's native multiprocessing package. It fully understands the use of AuthKey to access and control the group communication when applying multiprocessing for network conditions via socket, but the current implementation hard-coded the AuthKey ...

CVSS: 9.8, AI score: 9.8, EPSS: 0.01549
Exploits: 1

Huntr
added 2024/10/18 8:7 p.m., 4 views

XSS through document upload

This report is not public...

CVSS: 5.4, AI score: 7.1, EPSS: 0.00454
Exploits: 0

Huntr
added 2024/10/18 1:59 p.m., 5 views

Denial of service through sshfs-client in tracking server

This report is not public...

CVSS: 5.9, AI score: 6, EPSS: 0.00442
Exploits: 1

Huntr
added 2024/10/18 9:23 a.m., 5 views

Running user provided regular expression, lead to DOS

This report is not public...

CVSS: 6.5, AI score: 7.1, EPSS: 0.00846
Exploits: 1

Huntr
added 2024/10/17 9:14 p.m., 12 views

Unauthenticated Denial of Service (DoS) via Multipart Boundary in recent integration of Gradio UI

This report is not public...

AI score: 7.1
Exploits: 0

Huntr
added 2024/10/17 8:57 p.m., 5 views

Open Redirect

This report is not public...

AI score: 7.1
Exploits: 0

Huntr
added 2024/10/17 8:9 a.m., 5 views

7z slip lead to remote code execution

This report is not public...

CVSS: 8.8, AI score: 7.1, EPSS: 0.01478
Exploits: 1

Huntr
added 2024/10/17 7:55 a.m., 5 views

rar slip lead to remote code execution

This report is not public...

CVSS: 8.8, AI score: 7.1, EPSS: 0.01478
Exploits: 1

Huntr
added 2024/10/16 11:49 a.m., 8 views

Local File Inclusion in netease-youdao/qanything

This report is not public...

CVSS: 7.5, AI score: 7.1, EPSS: 0.0139
Exploits: 1

Huntr
added 2024/10/16 8:6 a.m., 5 views

Redos (Regular Expression Denial of Service)

This report is not public...

CVSS: 6.5, AI score: 7.1, EPSS: 0.00671
Exploits: 1

Huntr
added 2024/10/15 9:33 a.m., 4 views

server crash by zip bomb

This report is not public...

CVSS: 6.5, AI score: 7.1, EPSS: 0.00671
Exploits: 1

Huntr
added 2024/10/12 8:12 a.m., 4 views

pickle deserialization vulnerability

Description There is a pickle deserialization vulnerability in the Latex English error correction plug-in function of gptacademic, which allows attackers to achieve remote command execution Environment setup 1. wget https://github.com/binary-husky/gptacademic/archive/refs/tags/version3.83.zip 2...

CVSS: 8.8, AI score: 9.2, EPSS: 0.01837
Exploits: 1

Huntr
added 2024/10/11 4:4 p.m., 5 views

Missing check_access leads to directory deletion

This report is not public...

CVSS: 8.4, AI score: 7.1, EPSS: 0.00297
Exploits: 1

Huntr
added 2024/10/10 1:40 p.m., 5 views

User can share/use/create prompts not permission

Description Users can share/use/create prompts without being granted permission by the admin. This can break application logic and permissions. Proof of Concept 1. Go to acount admin disable function share/use/create prompt. 2. share/use/create prompts with normal user. POST /api/prompts HTTP/1.1...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00334
Exploits: 1

Huntr
added 2024/10/10 5:39 a.m., 10 views

Patch bypass (Insufficient Patch) of CVE-2024-8736 leads to DoS

This report is not public...

CVSS: 7.5, AI score: 7.1, EPSS: 0.0059
Exploits: 2

Huntr
added 2023/10/18 7:42 a.m., 42 views

heap-buffer-overflow in /radare2/shlr/java/code.c:211:21 in java_print_opcode

Description heap-buffer-overflow in /radare2/shlr/java/code.c:211:21 in java_print_opcode Version $ r2 -v radare2 5.8.9 31339 @ linux-x86-64 birth: git.5.8.8-691-gb2de2288d8 2023-10-1701:18:28 commit: b2de2288d8299f89288c503fc2ce22381b61aba0 Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes...

CVSS: 6.8, AI score: 7, EPSS: 0.0079
Exploits: 1

Huntr
added 2023/10/15 2:58 p.m., 16 views

new 3 SEGV in MP4Box

Description new 3 SEGV in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Reproduce ./MP4Box -das...

AI score: 6.9
Exploits: 0

Huntr
added 2023/10/15 12:9 p.m., 19 views

leaked all users names from a user without known permissions

Description - From any user account without authority go to /admin/users page to view employee information but can leak all employee names that exist on the platform. - The vulnerabilities occurred in the 3 features : delete, set active state, assign role in page /admin/users and...

AI score: 6.8
Exploits: 0

Huntr
added 2023/10/14 8:28 p.m., 39 views

Privilege Escalation to admin from any other users

Description By default, hestiacp creates a default fpm configuration that runs php-fpm service as the www-data user common socket. Also another php-fpm service runs from admin user and www-data group unix-socket. That allows any user upload php-file into /tmp dir, then run that script from...

AI score: 7.1, EPSS: 0.00285
Exploits: 1

Huntr
added 2023/10/13 9:17 a.m., 20 views

Restricted vim sandbox escape

Description Restricted vim doesn't allow executing shell commands but it's possible to bypass this by setting GCONVPATH environment variable. I'm not sure if this can be consider a vulnerability but I decided to report it anyway found this while playing TeamItaly CTF . Proof of Concept Save this...

AI score: 7.1
Exploits: 0

Huntr
added 2023/10/13 6:44 a.m., 19 views

stack-buffer-overflow in gf_text_get_utf8_line

Description stack-buffer-overflow in gf_text_get_utf8_line at filters/loadtext.c:381. Version git log commit 7edc40feef23efd8c9948292d269eae76fa475af HEAD - master, origin/master, origin/HEAD Author: jeanlf Date: Thu Oct 12 16:58:53 2023 +0200 ./bin/gcc/MP4Box -version MP4Box - GPAC version...

AI score: 6.8
Exploits: 0

Total number of security vulnerabilities: 4072