Click to open the Alert Filter

 
Year Month
Severity
Categories
Search by Alert Name
Page(s) : 1 ... 70 71 72 73 74 75 76 77 78 79 [80] 81 82 83 84 85 86 87 88 89 90 ... Result(s) : 312940

Alerts Feed Alerts

DATE NAME CATEGORIES DETAIL
N/A 2025-03-20 CVE-2024-5752 cve A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, ...
N/A 2025-03-20 CVE-2024-6483 cve A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not ...
N/A 2025-03-20 CVE-2024-6577 cve In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownersh...
N/A 2025-03-20 CVE-2024-6583 cve A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by mani...
N/A 2025-03-20 CVE-2024-6825 cve BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, wh...
N/A 2025-03-20 CVE-2024-6827 cve Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback m...
N/A 2025-03-20 CVE-2024-6829 cve A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of a maliciously crafted tarfile to arbi...
N/A 2025-03-20 CVE-2024-6838 cve In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a l...
N/A 2025-03-20 CVE-2024-6839 cve corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching p...
N/A 2025-03-20 CVE-2024-6841 cve A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit (56b782bcefd2e59b19cd7ba7878b95f54884f502) of the vanna-ai/vanna repository. Two endpoints in the b...
N/A 2025-03-20 CVE-2024-6842 cve In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-complete` API endpoint allows unauthorized users to access sensitive system settings. The data returned by the `curre...
N/A 2025-03-20 CVE-2024-6844 cve A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path i...
N/A 2025-03-20 CVE-2024-6851 cve In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does ...
N/A 2025-03-20 CVE-2024-6854 cve In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's f...
N/A 2025-03-20 CVE-2024-6863 cve In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen...
N/A 2025-03-20 CVE-2024-6866 cve corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally ...
N/A 2025-03-20 CVE-2024-6982 cve A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's `eval()` function t...
N/A 2025-03-20 CVE-2024-6986 cve A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html...
N/A 2025-03-20 CVE-2024-7033 cve In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. When deployed on Windows, the application improperly hand...
N/A 2025-03-20 CVE-2024-7034 cve In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises fr...
Page(s) : 1 ... 70 71 72 73 74 75 76 77 78 79 [80] 81 82 83 84 85 86 87 88 89 90 ... Result(s) : 312940