| Page(s) : 1 ... 714 715 716 717 718 719 720 721 722 723 [724] 725 726 727 728 729 730 731 732 733 734 ... | Result(s) : 325773 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-03-20 | CVE-2024-7999 | cve | Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-53981. Notes: All CVE users should reference CVE-2024-53981 inste... |
| N/A | 2025-03-20 | CVE-2024-8017 | cve | An XSS vulnerability exists in open-webui/open-webui versions |
| N/A | 2025-03-20 | CVE-2024-8018 | cve | A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to ... |
| N/A | 2025-03-20 | CVE-2024-8019 | cve | In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_fil... |
| N/A | 2025-03-20 | CVE-2024-8020 | cve | A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endp... |
| 6.1 | 2025-03-20 | CVE-2024-8021 | cve | An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. ... |
| N/A | 2025-03-20 | CVE-2024-8024 | cve | A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leadi... |
| 8.1 | 2025-03-20 | CVE-2024-8026 | cve | A Cross-Site Request Forgery (CSRF) vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS head... |
| N/A | 2025-03-20 | CVE-2024-8027 | cve | A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS... |
| N/A | 2025-03-20 | CVE-2024-8028 | cve | A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. By appending a large... |
| N/A | 2025-03-20 | CVE-2024-8029 | cve | An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims... |
| 8.2 | 2025-03-20 | CVE-2024-8053 | cve | In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation ser... |
| N/A | 2025-03-20 | CVE-2024-8055 | cve | Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations using the `PUT` and `COPY` commands. This vulnerability allows unauthenticated ... |
| N/A | 2025-03-20 | CVE-2024-8057 | cve | In version 0.4.1 of danswer-ai/danswer, a vulnerability exists where a basic user can create credentials and link them to an existing connector. This issue arises because the sy... |
| N/A | 2025-03-20 | CVE-2024-8060 | cve | OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint `/audio/api/v1/transcriptions` that allows for arbitrary file upload. The application performs insuffi... |
| N/A | 2025-03-20 | CVE-2024-8061 | cve | In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This... |
| 7.5 | 2025-03-20 | CVE-2024-8062 | cve | A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a `HEAD` request to verify the existence of a speci... |
| 7.5 | 2025-03-20 | CVE-2024-8063 | cve | A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile... |
| N/A | 2025-03-20 | CVE-2024-8065 | cve | A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's br... |
| N/A | 2025-03-20 | CVE-2024-8099 | cve | A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. An attacker can exploit this vulnerability b... |
| Page(s) : 1 ... 714 715 716 717 718 719 720 721 722 723 [724] 725 726 727 728 729 730 731 732 733 734 ... | Result(s) : 325773 |
