NA - CVE-2024-10762 - In lunary-ai/lunary before version 1.5.9, the...
In lunary-ai/lunary before version 1.5.9, the `/v1/evaluators/` endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control,...
NA - CVE-2024-10812 - An open redirect vulnerability exists in...
An open redirect vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the...
NA - CVE-2024-10819 - A Cross-Site Request Forgery (CSRF)...
A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their...
NA - CVE-2024-10821 - A Denial of Service (DoS) vulnerability in the...
A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server (version v5.0.1) allows unauthenticated attackers to cause excessive resource...
NA - CVE-2024-10829 - A Denial of Service (DoS) vulnerability in the...
A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource...
NA - CVE-2024-10830 - A Path Traversal vulnerability exists in the...
A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint `/v1/resource/file/delete`. This vulnerability allows an attacker to delete any file on the server...
NA - CVE-2024-10831 - In eosphoros-ai/db-gpt version 0.6.0, the...
In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary...
NA - CVE-2024-10833 - eosphoros-ai/db-gpt version 0.6.0 is vulnerable...
eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path...
NA - CVE-2024-10834 - eosphoros-ai/db-gpt version 0.6.0 contains a...
eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call...
NA - CVE-2024-10835 - In eosphoros-ai/db-gpt version v0.6.0, the web...
In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/sql/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by...