| Page(s) : 1 ... 713 714 715 716 717 718 719 720 721 722 [723] 724 725 726 727 728 729 730 731 732 733 ... | Result(s) : 325773 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-03-20 | CVE-2024-7046 | cve | An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an adm... |
| 9 | 2025-03-20 | CVE-2024-7053 | cve | A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set... |
| N/A | 2025-03-20 | CVE-2024-7058 | cve | A vulnerability in the sanitize_path function in parisneo/lollms-webui v10 - latest allows an attacker to bypass path sanitization by using relative paths such as './'... |
| N/A | 2025-03-20 | CVE-2024-7476 | cve | A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templ... |
| N/A | 2025-03-20 | CVE-2024-7760 | cve | aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allow... |
| N/A | 2025-03-20 | CVE-2024-7764 | cve | Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the `ge... |
| 7.5 | 2025-03-20 | CVE-2024-7765 | cve | In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive d... |
| 8.1 | 2025-03-20 | CVE-2024-7767 | cve | An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. This vulnerability allows the first user created in the system to view, modify, and delete... |
| N/A | 2025-03-20 | CVE-2024-7768 | cve | A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, `path`... |
| N/A | 2025-03-20 | CVE-2024-7771 | cve | A vulnerability in the Dockerized version of mintplex-labs/anything-llm (latest, digest 1d9452da2b92) allows for a denial of service. Uploading an audio file with a very low sam... |
| N/A | 2025-03-20 | CVE-2024-7773 | cve | Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45436. Notes: All CVE users should reference CVE-2024-45436 inste... |
| 9.1 | 2025-03-20 | CVE-2024-7776 | cve | A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate preventio... |
| N/A | 2025-03-20 | CVE-2024-7779 | cve | A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular Expression Denial of Service (ReDoS) by manipulating regular expressions. This can signif... |
| N/A | 2025-03-20 | CVE-2024-7804 | cve | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| 8.8 | 2025-03-20 | CVE-2024-7806 | cve | A vulnerability in open-webui/open-webui versions |
| N/A | 2025-03-20 | CVE-2024-7819 | cve | A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows attackers to steal sensitive information such as chat contents, API keys, and other data. This vulnerability occurs d... |
| N/A | 2025-03-20 | CVE-2024-7957 | cve | An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the load_credentials me... |
| N/A | 2025-03-20 | CVE-2024-7959 | cve | The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL withou... |
| N/A | 2025-03-20 | CVE-2024-7983 | cve | In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spe... |
| N/A | 2025-03-20 | CVE-2024-7990 | cve | A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the `/api/v1/models/add` endpoint, where the mod... |
| Page(s) : 1 ... 713 714 715 716 717 718 719 720 721 722 [723] 724 725 726 727 728 729 730 731 732 733 ... | Result(s) : 325773 |
