Page(s) : 1 ... 694 695 696 697 698 699 700 701 702 703 [704] 705 706 707 708 709 710 711 712 713 714 ... Result(s) : 299940

Alerts Feed Alerts

SEVERITY DATE NAME CATEGORIES DETAIL
N/A 2025-03-20 CVE-2024-7033 cve In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. When deployed on Windows, the application improperly hand...
N/A 2025-03-20 CVE-2024-7034 cve In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises fr...
N/A 2025-03-20 CVE-2024-7035 cve In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform...
N/A 2025-03-20 CVE-2024-7036 cve A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel ...
N/A 2025-03-20 CVE-2024-7039 cve In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other adminis...
N/A 2025-03-20 CVE-2024-7040 cve In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of ...
N/A 2025-03-20 CVE-2024-7043 cve An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is a...
N/A 2025-03-20 CVE-2024-7044 cve A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content i...
N/A 2025-03-20 CVE-2024-7045 cve In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker i...
N/A 2025-03-20 CVE-2024-7046 cve An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an adm...
9 2025-03-20 CVE-2024-7053 cve A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set...
N/A 2025-03-20 CVE-2024-7058 cve A vulnerability in the sanitize_path function in parisneo/lollms-webui v10 - latest allows an attacker to bypass path sanitization by using relative paths such as './'...
N/A 2025-03-20 CVE-2024-7476 cve A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templ...
N/A 2025-03-20 CVE-2024-7760 cve aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allow...
N/A 2025-03-20 CVE-2024-7764 cve Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the `ge...
7.5 2025-03-20 CVE-2024-7765 cve In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive d...
8.1 2025-03-20 CVE-2024-7767 cve An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. This vulnerability allows the first user created in the system to view, modify, and delete...
N/A 2025-03-20 CVE-2024-7768 cve A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, `path`...
N/A 2025-03-20 CVE-2024-7771 cve A vulnerability in the Dockerized version of mintplex-labs/anything-llm (latest, digest 1d9452da2b92) allows for a denial of service. Uploading an audio file with a very low sam...
N/A 2025-03-20 CVE-2024-7773 cve Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45436. Notes: All CVE users should reference CVE-2024-45436 inste...