| Page(s) : 1 ... 92 93 94 95 96 97 98 99 100 101 [102] 103 104 105 106 107 108 109 110 111 112 ... | Result(s) : 114980 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 5.4 | 2025-03-20 | CVE-2024-10723 | cve | A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the des... |
| 5.4 | 2025-03-20 | CVE-2024-10724 | cve | A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination addre... |
| 5.4 | 2025-03-20 | CVE-2024-10725 | cve | A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application... |
| 6.1 | 2025-03-20 | CVE-2024-10727 | cve | A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HT... |
| 6.5 | 2025-03-20 | CVE-2024-11300 | cve | In lunary-ai/lunary before version 1.6.3, an improper access control vulnerability exists where a user can access prompt data of another user. This issue affects version 1.6.2 a... |
| 4.3 | 2025-03-20 | CVE-2024-12869 | cve | In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy b... |
| 5.4 | 2025-03-20 | CVE-2024-12871 | cve | An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. When the file is viewed within Ragflow, the pa... |
| 5.9 | 2025-03-20 | CVE-2024-12910 | cve | A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlli... |
| 4.3 | 2025-03-20 | CVE-2024-13060 | cve | A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' ... |
| 5.3 | 2025-03-20 | CVE-2024-6838 | cve | In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a l... |
| 6.1 | 2025-03-20 | CVE-2024-8021 | cve | An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. ... |
| 6.1 | 2025-03-20 | CVE-2024-8101 | cve | A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. The vulnerability arises due to the use of `dangerouslySe... |
| 5.4 | 2025-03-20 | CVE-2024-8400 | cve | A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML fil... |
| 6.1 | 2025-03-20 | CVE-2024-8556 | cve | A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for i... |
| 6.5 | 2025-03-20 | CVE-2024-8736 | cve | A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). The vulnerability can be exploited remotely v... |
| 6.5 | 2025-03-20 | CVE-2024-9000 | cve | In lunary-ai/lunary before version 1.4.26, the checklists.post() endpoint allows users to create or modify checklists without validating whether the user has proper permissions.... |
| 6.1 | 2025-03-20 | CVE-2024-9098 | cve | In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized... |
| 6.1 | 2025-03-20 | CVE-2024-9311 | cve | A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload files with malicious content without authentication or use... |
| 6.5 | 2025-03-20 | CVE-2024-9612 | cve | In danswer-ai/danswer v0.3.94, administrators can set the visibility of pages within a workspace, including the search page. When the search page is set to be invisible, regular... |
| 5.4 | 2025-03-20 | CVE-2024-9699 | cve | A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version latest) allows an attacker to upload a file with a JavaScript payload disguised as a f... |
| Page(s) : 1 ... 92 93 94 95 96 97 98 99 100 101 [102] 103 104 105 106 107 108 109 110 111 112 ... | Result(s) : 114980 |
