CVE-2024-32965 ssrf vulnerability in lobe-chat

Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without loggi ...

Continue Reading
CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) in labsai/eddi

E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestE ...

Continue Reading
CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) in labsai/eddi

E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestE ...

Continue Reading
CVE-2024-11669 Incorrect Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access ...

Continue Reading
CVE-2024-11669 Incorrect Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access ...

Continue Reading
CVE-2024-11828 Inefficient Algorithmic Complexity in GitLab

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an att ...

Continue Reading
CVE-2024-11828 Inefficient Algorithmic Complexity in GitLab

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an att ...

Continue Reading
CVE-2024-52008 Password Policy Bypass Vulnerability in Fides Webserver

Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassi ...

Continue Reading

Back to Main

Subscribe for the latest news: