Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'ID' in '/api/v1/download//'.
Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter
'visitor' in '/api/v1/webchat/message'.
An Improper Access Control vulnerability has been found in EmbedAI
2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the
Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot Millie chat that allows private conversations of other users being viewed by simply changing the conversation ID. The vulnerability
prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized us
A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_route
An Improper Access Control vulnerability has been found in EmbedAI
2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users chat by changing the paramete
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a use
A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API E
A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function get_user_info/update_user_info of the file /src/backend/agentchat/api/v1/user.py of the component User End
A malicious, authenticated user in Aidex, versions prior to 1.7, could list credentials of other users, create or modify existing users in the application, list credentials of users in production or d
A vulnerability was detected in MineAdmin 1.x/2.x. Affected by this vulnerability is an unknown functionality of the file /system/downloadById. Performing a manipulation of the argument ID results in
In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known.
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this issue is some unknown functionality of the file /api/mjkj-chat/cgform-api/addData/
A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the comp
Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying
ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can ac
A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /rest/cliente/ObterP
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by provid
A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the co
Page 1+ Next →