| Page(s) : 1 ... 685 686 687 688 689 690 691 692 693 694 [695] 696 697 698 699 700 701 702 703 704 705 ... | Result(s) : 299922 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-03-20 | CVE-2024-10225 | cve | A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS) by appending a large number of characters to the end of a multipart boundary in... |
| N/A | 2025-03-20 | CVE-2024-10252 | cve | A vulnerability in langgenius/dify versions |
| N/A | 2025-03-20 | CVE-2024-10264 | cve | HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy... |
| N/A | 2025-03-20 | CVE-2024-10267 | cve | An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, an... |
| N/A | 2025-03-20 | CVE-2024-10272 | cve | lunary-ai/lunary is vulnerable to broken access control in the latest version. An attacker can view the content of any dataset without any kind of authorization by sending a GET... |
| N/A | 2025-03-20 | CVE-2024-10273 | cve | In lunary-ai/lunary v1.5.0, improper privilege management in the models.ts file allows users with viewer roles to modify models owned by others. The PATCH endpoint for models do... |
| N/A | 2025-03-20 | CVE-2024-10274 | cve | An improper authorization vulnerability exists in lunary-ai/lunary version 1.5.5. The /users/me/org endpoint lacks adequate access control mechanisms, allowing unauthorized user... |
| N/A | 2025-03-20 | CVE-2024-10275 | cve | In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct permissions to access billing resources, can change the permissions of existing... |
| N/A | 2025-03-20 | CVE-2024-10330 | cve | In lunary-ai/lunary version 1.5.6, the `/v1/evaluators/` endpoint lacks proper access control, allowing any user associated with a project to fetch all evaluator data regardless... |
| N/A | 2025-03-20 | CVE-2024-10359 | cve | In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. T... |
| N/A | 2025-03-20 | CVE-2024-10361 | cve | An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper... |
| N/A | 2025-03-20 | CVE-2024-10363 | cve | In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the ad... |
| N/A | 2025-03-20 | CVE-2024-10366 | cve | An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether ... |
| N/A | 2025-03-20 | CVE-2024-10457 | cve | Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search... |
| N/A | 2025-03-20 | CVE-2024-10481 | cve | A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated C... |
| N/A | 2025-03-20 | CVE-2024-10513 | cve | A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulner... |
| N/A | 2025-03-20 | CVE-2024-10549 | cve | A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a ... |
| N/A | 2025-03-20 | CVE-2024-10550 | cve | A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expres... |
| N/A | 2025-03-20 | CVE-2024-10553 | cve | A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulner... |
| N/A | 2025-03-20 | CVE-2024-10569 | cve | A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which... |
| Page(s) : 1 ... 685 686 687 688 689 690 691 692 693 694 [695] 696 697 698 699 700 701 702 703 704 705 ... | Result(s) : 299922 |
