Dave

3 exploits Active since Jul 2024
CVE-2024-5616 WRITEUP MEDIUM WRITEUP
mudler/LocalAI <= 2.15.0 - Cross-Site Request Forgery in Model Deletion Functionality
A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview', without the victim's consent. The vulnerability is due to insufficient CSRF protection mechanisms on the model deletion functionality.
CVSS 4.3
CVE-2024-7010 WRITEUP MEDIUM WRITEUP
mudler/localai <2.17.1 - Info Disclosure
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid login credentials based on the server's response time, potentially leading to unauthorized access.
CVSS 5.9
EIP-2026-113007 EXPLOITDB text WORKING POC
vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection