| Page(s) : 1 ... 709 710 711 712 713 714 715 716 717 718 [719] 720 721 722 723 724 725 726 727 728 729 ... | Result(s) : 325738 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-03-20 | CVE-2024-12778 | cve | A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously ... |
| 7.5 | 2025-03-20 | CVE-2024-12779 | cve | A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the `POST /v1/llm/add_llm` and `POST /v1/conversa... |
| N/A | 2025-03-20 | CVE-2024-12864 | cve | A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of fo... |
| N/A | 2025-03-20 | CVE-2024-12866 | cve | A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which c... |
| N/A | 2025-03-20 | CVE-2024-12868 | cve | Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-47874. Notes: All CVE users should reference CVE-2024-47874 inste... |
| 4.3 | 2025-03-20 | CVE-2024-12869 | cve | In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy b... |
| N/A | 2025-03-20 | CVE-2024-12870 | cve | A stored cross-site scripting (XSS) vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch (cec2080). The vulnerability allows an attacker to... |
| 5.4 | 2025-03-20 | CVE-2024-12871 | cve | An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. When the file is viewed within Ragflow, the pa... |
| N/A | 2025-03-20 | CVE-2024-12880 | cve | A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled... |
| N/A | 2025-03-20 | CVE-2024-12882 | cve | comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs `... |
| N/A | 2025-03-20 | CVE-2024-12886 | cve | An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP... |
| N/A | 2025-03-20 | CVE-2024-12909 | cve | A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `dat... |
| 5.9 | 2025-03-20 | CVE-2024-12910 | cve | A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlli... |
| N/A | 2025-03-20 | CVE-2024-12911 | cve | A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This ca... |
| 4.3 | 2025-03-20 | CVE-2024-13060 | cve | A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' ... |
| N/A | 2025-03-20 | CVE-2024-2292 | cve | Due to a lack of access control, unauthorized users are able to view and modify information pertaining to other users. |
| N/A | 2025-03-20 | CVE-2024-4023 | cve | A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a `.xsig` extension and directly accesses this f... |
| 9.1 | 2025-03-20 | CVE-2024-4990 | cve | In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior cl... |
| N/A | 2025-03-20 | CVE-2024-5752 | cve | A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, ... |
| N/A | 2025-03-20 | CVE-2024-6483 | cve | A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not ... |
| Page(s) : 1 ... 709 710 711 712 713 714 715 716 717 718 [719] 720 721 722 723 724 725 726 727 728 729 ... | Result(s) : 325738 |
