Vulnerabilities in lobehub
13 results

CVE-2024-32964 | CRITICAL | lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability | EPSS 54.7%
CVE-2024-32965 | HIGH | ssrf vulnerability in lobe-chat | EPSS 23.7%
CVE-2024-47066 | CRITICAL | Lobe Chat has insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964) | EPSS 10.8%
CVE-2024-37895 | MEDIUM | API Key Leak in lobe-chat | EPSS 0.5%
CVE-2024-24566 | MEDIUM | Lobe Chat unauthorized access to plugins | EPSS 0.5%
CVE-2025-59417 | MEDIUM | Lobe Chat Desktop Vulnerable to Remote Code Execution via XSS in Chat Messages | EPSS 0.4%
CVE-2026-23835 | MEDIUM | LobeHub Vulnerable to Improper Authorization in Presigned Upload | EPSS 0.3%
CVE-2025-59426 | MEDIUM | lobe-chat has an Open Redirect | EPSS 0.3%
CVE-2025-62505 | LOW | SSRF in lobehub/lobe-chat with native web fetch module | EPSS 0.3%
CVE-2026-42045 | MEDIUM | LobeHub: Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE) | EPSS 0.3%
CVE-2026-23522 | LOW | Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion | EPSS 0.2%
CVE-2026-39411 | MEDIUM | LobeHub has an unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header | EPSS 0.1%
CVE-2026-23733 | MEDIUM | Lobe Chat has Cross-Site Scripting (XSS) issue that may escalate to Remote Code Execution (RCE) | EPSS 0.1%