Page(s) : 1 ... 61 62 63 64 65 66 67 68 69 70 [71] 72 73 74 75 76 77 78 79 80 81 ... | Result(s) : 97115 |
Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
7.5 | 2025-03-20 | CVE-2024-8524 | cve | A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted PO... |
7.5 | 2025-03-20 | CVE-2024-8952 | cve | A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint... |
7.5 | 2025-03-20 | CVE-2024-8966 | cve | A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number o... |
7.5 | 2025-03-20 | CVE-2024-8998 | cve | A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845. The server uses the regex /{.*?}/ to match user-controlled strings. ... |
7.5 | 2025-03-20 | CVE-2024-8999 | cve | lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to ex... |
7.1 | 2025-03-20 | CVE-2024-9096 | cve | In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to modify checklists by sending a PATCH request. The route lacks proper access control, ... |
8.1 | 2025-03-20 | CVE-2024-9099 | cve | In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers ... |
7.5 | 2025-03-20 | CVE-2024-9606 | cve | In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first ... |
8.8 | 2025-03-20 | CVE-2024-9920 | cve | In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, ... |
8.8 | 2025-03-20 | CVE-2025-0185 | cve | A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs in the... |
7.5 | 2025-03-20 | CVE-2025-0189 | cve | In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very l... |
7.5 | 2025-03-20 | CVE-2025-0190 | cve | In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web A... |
7.5 | 2025-03-20 | CVE-2025-0312 | cve | A vulnerability in ollama/ollama versions |
7.5 | 2025-03-20 | CVE-2025-0315 | cve | A vulnerability in ollama/ollama |
7.5 | 2025-03-20 | CVE-2025-0317 | cve | A vulnerability in ollama/ollama versions |
7.5 | 2025-03-20 | CVE-2025-0453 | cve | In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all... |
8.8 | 2025-03-20 | CVE-2025-1040 | cve | AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the im... |
7.5 | 2025-03-20 | CVE-2025-1451 | cve | A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of ... |
8.6 | 2025-03-19 | CVE-2025-30154 | cve | reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code add... |
7.5 | 2025-03-19 | CVE-2025-29924 | cve | XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for a user to get access to private information through the REST API ... |