📦 LocalAI

by Mudler

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2024-6868

CRITICAL CVSS 9.8 Oct 29, 2024

CVE-2024-6868 is a critical vulnerability in mudler/LocalAI version 2.17.1 that allows arbitrary file write through improper archive extraction handling. Attackers can exploit 'tarslip' attacks to wri...

CVE-2024-5181

CRITICAL CVSS 9.8 Jun 26, 2024

A command injection vulnerability in mudler/localai version 2.14.0 allows attackers to execute arbitrary system commands by manipulating the backend parameter in configuration files. This can lead to ...

CVE-2024-2029

CRITICAL CVSS 9.8 Apr 10, 2024

This CVE describes a command injection vulnerability in mudler/localai's TranscriptEndpoint that allows attackers to execute arbitrary commands on the host system by exploiting improper filename sanit...

CVE-2024-6983

HIGH CVSS 8.8 Sep 27, 2024

CVE-2024-6983 is a critical remote code execution vulnerability in mudler/localai version 2.17.1 that allows attackers to upload malicious binary files and execute arbitrary code on the system. This v...

CVE-2024-9900

MEDIUM CVSS 6.1 Mar 20, 2025

This Cross-Site Scripting (XSS) vulnerability in mudler/localai v2.21.1 allows attackers to inject malicious JavaScript code through the search functionality. When exploited, this can lead to session ...

CVE-2024-48057

MEDIUM CVSS 6.1 Nov 4, 2024

LocalAI versions up to 2.20.1 contain a stored cross-site scripting (XSS) vulnerability in the delete model API. When malicious parameters are passed to this API, they can be stored and later executed...

CVE-2024-5616

MEDIUM CVSS 4.3 Jul 6, 2024

A Cross-Site Request Forgery (CSRF) vulnerability in mudler/LocalAI allows attackers to trick authenticated users into deleting installed AI models without their consent. This affects LocalAI versions...