{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T15:08:35.168","vulnerabilities":[{"cve":{"id":"CVE-2024-12065","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:26.887","lastModified":"2025-10-21T14:47:02.637","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the server. The issue is due to improper input validation in the gradio web UI component."},{"lang":"es","value":"Existe una vulnerabilidad de inclusión de archivos locales en haotian-liu/llava en el commit c121f04. Esta vulnerabilidad permite a un atacante acceder a cualquier archivo del sistema mediante el envío de múltiples solicitudes manipuladas al servidor. El problema se debe a una validación de entrada incorrecta en el componente de interfaz web de gradio."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hliu:llava:2024-05-11:*:*:*:*:*:*:*","matchCriteriaId":"2745A606-7E36-42B1-B249-25532AF734B8"}]}]}],"references":[{"url":"https://huntr.com/bounties/0594503c-038f-401c-9127-08be32bfd682","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}