Jeremia Geraldi - Security Researcher - Exploit Intelligence Platform

CVE-2025-45146 GITHUB CRITICAL WORKING POC

Codefuse Modelcache < 0.2.0 - Insecure Deserialization

ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data.

CVSS 9.8

View Code

CVE-2024-57783 WRITEUP HIGH WRITEUP

Dot <0.9.3 - XSS

The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs.

CVSS 8.1

View Code

CVE-2025-45146 WRITEUP CRITICAL WORKING POC

Codefuse Modelcache < 0.2.0 - Insecure Deserialization

ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data.

CVSS 9.8

View Code