| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-23835 | LobeHub Vulnerable to Improper Authorization in Presigned Upload | lobehub | lobe-chat | - | - | 2026-01-30 20:04:23 | Deep Dive |
| CVE-2026-23522 | Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion | lobehub | lobe-chat | Low | 3.7 | 2026-01-19 16:53:32 | Deep Dive |
| CVE-2026-23733 | Lobe Chat has Cross-Site Scripting (XSS) issue that may escalate to Remote Code Execution (RCE) | lobehub | lobe-chat | Medium | 6.4 | 2026-01-18 22:56:16 | Deep Dive |
| CVE-2025-62505 | SSRF in lobehub/lobe-chat with native web fetch module | lobehub | lobe-chat | Low | 3.0 | 2025-10-17 18:18:54 | Deep Dive |
| CVE-2025-59426 | lobe-chat has an Open Redirect | lobehub | lobe-chat | Medium | 4.3 | 2025-09-25 14:00:10 | Deep Dive |
| CVE-2025-59417 | Lobe Chat Desktop Vulnerable to Remote Code Execution via XSS in Chat Messages | lobehub | lobe-chat | - | - | 2025-09-18 14:38:55 | Deep Dive |
| CVE-2024-32965 | SSRF vulnerability in lobe-chat | lobehub | lobe-chat | High | 8.1 | 2024-11-26 18:25:56 | Deep Dive |
| CVE-2024-47066 | Lobe Chat has insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964) | lobehub | lobe-chat | Critical | 9.0 | 2024-09-23 15:17:43 | Deep Dive |
| CVE-2024-37895 | API Key Leak in lobe-chat | lobehub | lobe-chat | Medium | 5.7 | 2024-06-17 19:28:31 | Deep Dive |
| CVE-2024-32964 | lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability | lobehub | lobe-chat | Critical | 9.0 | 2024-05-10 14:49:31 | Deep Dive |
| CVE-2024-24566 | Lobe Chat unauthorized access to plugins | lobehub | lobe-chat | Medium | 5.3 | 2024-01-31 16:33:44 | Deep Dive |