| Page(s) : 1 [2] 3 4 5 6 7 8 9 10 11 12 ... | Result(s) : 271067 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2024-04-16 | CVE-2024-1594 | cve | A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attacke... |
| N/A | 2024-04-16 | CVE-2024-1601 | cve | An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message ... |
| N/A | 2024-04-16 | CVE-2024-1626 | cve | An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows a... |
| N/A | 2024-04-16 | CVE-2024-1646 | cve | parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0... |
| N/A | 2024-04-16 | CVE-2024-1665 | cve | lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluation creation due to missing server-side checks for user account status during evaluation creation. While the ... |
| N/A | 2024-04-16 | CVE-2024-1666 | cve | In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if... |
| N/A | 2024-04-16 | CVE-2024-1738 | cve | An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. This vulnerabi... |
| N/A | 2024-04-16 | CVE-2024-1739 | cve | lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email ... |
| N/A | 2024-04-16 | CVE-2024-1961 | cve | vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Attackers can exploit this vu... |
| N/A | 2024-04-16 | CVE-2024-2083 | cve | A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipula... |
| N/A | 2024-04-16 | CVE-2024-2260 | cve | A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an att... |
| N/A | 2024-04-16 | CVE-2024-2912 | cve | An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this v... |
| N/A | 2024-04-16 | CVE-2024-30567 | cve | An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. |
| N/A | 2024-04-16 | CVE-2024-3028 | cve | mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logo_filena... |
| N/A | 2024-04-16 | CVE-2024-3029 | cve | In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. This ... |
| N/A | 2024-04-16 | CVE-2024-3271 | cve | A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanis... |
| N/A | 2024-04-16 | CVE-2024-3571 | cve | langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore func... |
| N/A | 2024-04-16 | CVE-2024-3572 | cve | The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. Th... |
| N/A | 2024-04-16 | CVE-2024-3573 | cve | mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue ... |
| N/A | 2024-04-16 | CVE-2024-3574 | cve | In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cros... |
| Page(s) : 1 [2] 3 4 5 6 7 8 9 10 11 12 ... | Result(s) : 271067 |
