Page(s) : 1 ... 711 712 713 714 715 716 717 718 719 720 [721] 722 723 724 725 726 727 728 729 730 731 ... Result(s) : 325773

Alerts Feed Alerts

SEVERITY DATE NAME CATEGORIES DETAIL
4.3 2025-03-20 CVE-2024-12869 cve In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy b...
N/A 2025-03-20 CVE-2024-12870 cve A stored cross-site scripting (XSS) vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch (cec2080). The vulnerability allows an attacker to...
5.4 2025-03-20 CVE-2024-12871 cve An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. When the file is viewed within Ragflow, the pa...
N/A 2025-03-20 CVE-2024-12880 cve A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled...
N/A 2025-03-20 CVE-2024-12882 cve comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs `...
N/A 2025-03-20 CVE-2024-12886 cve An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP...
N/A 2025-03-20 CVE-2024-12909 cve A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `dat...
5.9 2025-03-20 CVE-2024-12910 cve A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlli...
N/A 2025-03-20 CVE-2024-12911 cve A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This ca...
4.3 2025-03-20 CVE-2024-13060 cve A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' ...
N/A 2025-03-20 CVE-2024-2292 cve Due to a lack of access control, unauthorized users are able to view and modify information pertaining to other users.
N/A 2025-03-20 CVE-2024-4023 cve A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a `.xsig` extension and directly accesses this f...
9.1 2025-03-20 CVE-2024-4990 cve In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior cl...
N/A 2025-03-20 CVE-2024-5752 cve A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, ...
N/A 2025-03-20 CVE-2024-6483 cve A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not ...
N/A 2025-03-20 CVE-2024-6577 cve In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownersh...
N/A 2025-03-20 CVE-2024-6583 cve A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by mani...
N/A 2025-03-20 CVE-2024-6825 cve BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, wh...
N/A 2025-03-20 CVE-2024-6827 cve Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback m...
N/A 2025-03-20 CVE-2024-6829 cve A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of a maliciously crafted tarfile to arbi...