Page 702. Result(s) : 299940

Alerts Feed Alerts

SEVERITY DATE NAME CATEGORIES DETAIL
N/A 2025-03-20 CVE-2024-12766 cve parisneo/lollms-webui version V13 (feather) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the `POST /api/proxy` REST API. Attackers can exploit this vulnera...
N/A 2025-03-20 CVE-2024-12775 cve langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the Create Custom Tool option via the REST API `POST /co...
N/A 2025-03-20 CVE-2024-12776 cve In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including adm...
N/A 2025-03-20 CVE-2024-12777 cve A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made ...
N/A 2025-03-20 CVE-2024-12778 cve A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously ...
7.5 2025-03-20 CVE-2024-12779 cve A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the `POST /v1/llm/add_llm` and `POST /v1/conversa...
N/A 2025-03-20 CVE-2024-12864 cve A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of fo...
N/A 2025-03-20 CVE-2024-12866 cve A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which c...
N/A 2025-03-20 CVE-2024-12868 cve Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-47874. Notes: All CVE users should reference CVE-2024-47874 inste...
4.3 2025-03-20 CVE-2024-12869 cve In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy b...
N/A 2025-03-20 CVE-2024-12870 cve A stored cross-site scripting (XSS) vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch (cec2080). The vulnerability allows an attacker to...
5.4 2025-03-20 CVE-2024-12871 cve An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. When the file is viewed within Ragflow, the pa...
N/A 2025-03-20 CVE-2024-12880 cve A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled...
N/A 2025-03-20 CVE-2024-12882 cve comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs `...
N/A 2025-03-20 CVE-2024-12886 cve An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP...
N/A 2025-03-20 CVE-2024-12909 cve A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `dat...
5.9 2025-03-20 CVE-2024-12910 cve A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlli...
N/A 2025-03-20 CVE-2024-12911 cve A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This ca...
4.3 2025-03-20 CVE-2024-13060 cve A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' ...
N/A 2025-03-20 CVE-2024-2292 cve Due to a lack of access control, unauthorized users are able to view and modify information pertaining to other users.