Page(s) : 1 ... 42 43 44 45 46 47 48 49 50 51 [52] 53 54 55 56 57 58 59 60 61 62 ... | Result(s) : 43237 |
Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
9.8 | 2025-03-22 | CVE-2025-30472 | cve | Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via ... |
9.8 | 2025-03-21 | CVE-2025-2589 | cve | A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.... |
9.3 | 2025-03-21 | CVE-2025-29814 | cve | Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. |
9.8 | 2025-03-21 | CVE-2025-26336 | cve | Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge... |
9.8 | 2025-03-20 | CVE-2025-26852 | cve | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection. |
9.8 | 2025-03-20 | CVE-2025-26853 | cve | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema. |
9.8 | 2025-03-20 | CVE-2024-12016 | cve | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CM Informatics CM News allows SQL Injection. This issue affects CM... |
9.8 | 2025-03-20 | CVE-2025-2505 | cve | The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possibl... |
9.8 | 2025-03-20 | CVE-2024-12450 | cve | In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. The function does not filter URL parameters, allowing att... |
9.1 | 2025-03-20 | CVE-2024-4990 | cve | In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior cl... |
9 | 2025-03-20 | CVE-2024-7053 | cve | A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set... |
9.1 | 2025-03-20 | CVE-2024-7776 | cve | A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate preventio... |
9.8 | 2025-03-20 | CVE-2024-8156 | cve | A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input `github.head.ref` is used insecurely, all... |
9.8 | 2025-03-20 | CVE-2024-8487 | cve | A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict a... |
9.1 | 2025-03-20 | CVE-2024-8769 | cve | A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. The `run_hash` p... |
9.8 | 2025-03-20 | CVE-2024-8898 | cve | A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V12 (Strawberry). This vulnerability allows attackers to cr... |
9.8 | 2025-03-20 | CVE-2024-8953 | cve | In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code ex... |
9.8 | 2025-03-20 | CVE-2024-8958 | cve | In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker ... |
9.8 | 2025-03-20 | CVE-2024-9053 | cve | vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_... |
9.8 | 2025-03-20 | CVE-2024-9095 | cve | In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control, allowing any logged-in user to create a Datastream to Google BigQuery and export the en... |