CVE-2025-69207
- EPSS 0.01%
- Published 02.02.2026 23:16:01
- Last modified 27.02.2026 20:34:28
Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user U...
CVE-2024-52294
- EPSS 0.12%
- Published 30.12.2024 17:15:09
- Last modified 30.12.2024 17:15:09
Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference (IDOR) vulnerability in the update_subscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions ...
CVE-2024-43396
- EPSS 0.92%
- Published 20.08.2024 21:15:14
- Last modified 03.09.2024 18:19:33
Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly san...
CVE-2024-25639
- EPSS 0.41%
- Published 08.07.2024 15:15:21
- Last modified 21.11.2024 09:01:08
Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted document...