| Page(s) : 1 ... 695 696 697 698 699 700 701 702 703 704 [705] 706 707 708 709 710 711 712 713 714 715 ... | Result(s) : 299940 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 9.1 | 2025-03-20 | CVE-2024-7776 | cve | A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate preventio... |
| N/A | 2025-03-20 | CVE-2024-7779 | cve | A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular Expression Denial of Service (ReDoS) by manipulating regular expressions. This can signif... |
| N/A | 2025-03-20 | CVE-2024-7804 | cve | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| 8.8 | 2025-03-20 | CVE-2024-7806 | cve | A vulnerability in open-webui/open-webui versions |
| N/A | 2025-03-20 | CVE-2024-7819 | cve | A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows attackers to steal sensitive information such as chat contents, API keys, and other data. This vulnerability occurs d... |
| N/A | 2025-03-20 | CVE-2024-7957 | cve | An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the load_credentials me... |
| N/A | 2025-03-20 | CVE-2024-7959 | cve | The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL withou... |
| N/A | 2025-03-20 | CVE-2024-7983 | cve | In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spe... |
| N/A | 2025-03-20 | CVE-2024-7990 | cve | A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the `/api/v1/models/add` endpoint, where the mod... |
| N/A | 2025-03-20 | CVE-2024-7999 | cve | Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-53981. Notes: All CVE users should reference CVE-2024-53981 inste... |
| N/A | 2025-03-20 | CVE-2024-8017 | cve | An XSS vulnerability exists in open-webui/open-webui versions |
| N/A | 2025-03-20 | CVE-2024-8018 | cve | A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to ... |
| N/A | 2025-03-20 | CVE-2024-8019 | cve | In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_fil... |
| N/A | 2025-03-20 | CVE-2024-8020 | cve | A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endp... |
| 6.1 | 2025-03-20 | CVE-2024-8021 | cve | An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. ... |
| N/A | 2025-03-20 | CVE-2024-8024 | cve | A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leadi... |
| 8.1 | 2025-03-20 | CVE-2024-8026 | cve | A Cross-Site Request Forgery (CSRF) vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS head... |
| N/A | 2025-03-20 | CVE-2024-8027 | cve | A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS... |
| N/A | 2025-03-20 | CVE-2024-8028 | cve | A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. By appending a large... |
| N/A | 2025-03-20 | CVE-2024-8029 | cve | An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims... |
| Page(s) : 1 ... 695 696 697 698 699 700 701 702 703 704 [705] 706 707 708 709 710 711 712 713 714 715 ... | Result(s) : 299940 |
