| Page(s) : 1 ... 69 70 71 72 73 74 75 76 77 78 [79] 80 81 82 83 84 85 86 87 88 89 ... | Result(s) : 312940 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-03-20 | CVE-2024-12776 | cve | In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including adm... |
| N/A | 2025-03-20 | CVE-2024-12777 | cve | A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made ... |
| N/A | 2025-03-20 | CVE-2024-12778 | cve | A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. The issue arises when a large number of tracked metrics are retrieved simultaneously ... |
| N/A | 2025-03-20 | CVE-2024-12779 | cve | A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the `POST /v1/llm/add_llm` and `POST /v1/conversa... |
| N/A | 2025-03-20 | CVE-2024-12864 | cve | A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of fo... |
| N/A | 2025-03-20 | CVE-2024-12866 | cve | A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which c... |
| N/A | 2025-03-20 | CVE-2024-12868 | cve | In version 0.3.32 of open-webui, the application uses a vulnerable version of the starlette package through its dependency on fastapi. The starlette package versions |
| N/A | 2025-03-20 | CVE-2024-12869 | cve | In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy b... |
| N/A | 2025-03-20 | CVE-2024-12870 | cve | A stored cross-site scripting (XSS) vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch (cec2080). The vulnerability allows an attacker to... |
| N/A | 2025-03-20 | CVE-2024-12871 | cve | An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. When the file is viewed within Ragflow, the pa... |
| N/A | 2025-03-20 | CVE-2024-12880 | cve | A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled... |
| N/A | 2025-03-20 | CVE-2024-12882 | cve | comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited by combining the REST APIs `... |
| N/A | 2025-03-20 | CVE-2024-12886 | cve | An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP... |
| N/A | 2025-03-20 | CVE-2024-12909 | cve | A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `dat... |
| N/A | 2025-03-20 | CVE-2024-12910 | cve | A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlli... |
| N/A | 2025-03-20 | CVE-2024-12911 | cve | A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This ca... |
| N/A | 2025-03-20 | CVE-2024-13060 | cve | A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' ... |
| N/A | 2025-03-20 | CVE-2024-2292 | cve | Due to a lack of access control, unauthorized users are able to view and modify information pertaining to other users. |
| N/A | 2025-03-20 | CVE-2024-4023 | cve | A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a `.xsig` extension and directly accesses this f... |
| N/A | 2025-03-20 | CVE-2024-4990 | cve | In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior cl... |
| Page(s) : 1 ... 69 70 71 72 73 74 75 76 77 78 [79] 80 81 82 83 84 85 86 87 88 89 ... | Result(s) : 312940 |
