
Alerts Feed

| SEVERITY | DATE | NAME | CATEGORIES | DETAIL |
|---|---|---|---|---|
| 5.3 | 2025-03-20 | CVE-2024-6838 | cve | In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a l... |
| N/A | 2025-03-20 | CVE-2024-6839 | cve | corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching p... |
| N/A | 2025-03-20 | CVE-2024-6841 | cve | A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit (56b782bcefd2e59b19cd7ba7878b95f54884f502) of the vanna-ai/vanna repository. Two endpoints in the b... |
| N/A | 2025-03-20 | CVE-2024-6842 | cve | In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-complete` API endpoint allows unauthorized users to access sensitive system settings. The data returned by the `curre... |
| N/A | 2025-03-20 | CVE-2024-6844 | cve | A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path i... |
| N/A | 2025-03-20 | CVE-2024-6851 | cve | In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does ... |
| N/A | 2025-03-20 | CVE-2024-6854 | cve | In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's f... |
| N/A | 2025-03-20 | CVE-2024-6863 | cve | In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen... |
| N/A | 2025-03-20 | CVE-2024-6866 | cve | corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally ... |
| N/A | 2025-03-20 | CVE-2024-6982 | cve | A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's `eval()` function t... |
| N/A | 2025-03-20 | CVE-2024-6986 | cve | A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html... |
| N/A | 2025-03-20 | CVE-2024-7033 | cve | In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. When deployed on Windows, the application improperly hand... |
| N/A | 2025-03-20 | CVE-2024-7034 | cve | In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises fr... |
| N/A | 2025-03-20 | CVE-2024-7035 | cve | In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform... |
| N/A | 2025-03-20 | CVE-2024-7036 | cve | A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel ... |
| N/A | 2025-03-20 | CVE-2024-7039 | cve | In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other adminis... |
| N/A | 2025-03-20 | CVE-2024-7040 | cve | In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of ... |
| N/A | 2025-03-20 | CVE-2024-7043 | cve | An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is a... |
| N/A | 2025-03-20 | CVE-2024-7044 | cve | A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content i... |
| N/A | 2025-03-20 | CVE-2024-7045 | cve | In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker i... |