Page(s) : 1 ... 71 72 73 74 75 76 77 78 79 80 [81] 82 83 84 85 86 87 88 89 90 91 ... | Result(s) : 312940 |
Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
N/A | 2025-03-20 | CVE-2024-7035 | cve | In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform... |
N/A | 2025-03-20 | CVE-2024-7036 | cve | A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel ... |
N/A | 2025-03-20 | CVE-2024-7039 | cve | In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other adminis... |
N/A | 2025-03-20 | CVE-2024-7040 | cve | In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of ... |
N/A | 2025-03-20 | CVE-2024-7043 | cve | An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is a... |
N/A | 2025-03-20 | CVE-2024-7044 | cve | A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content i... |
N/A | 2025-03-20 | CVE-2024-7045 | cve | In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker i... |
N/A | 2025-03-20 | CVE-2024-7046 | cve | An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an adm... |
N/A | 2025-03-20 | CVE-2024-7053 | cve | A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set... |
N/A | 2025-03-20 | CVE-2024-7058 | cve | A vulnerability in the sanitize_path function in parisneo/lollms-webui v10 - latest allows an attacker to bypass path sanitization by using relative paths such as './'... |
N/A | 2025-03-20 | CVE-2024-7476 | cve | A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templ... |
N/A | 2025-03-20 | CVE-2024-7760 | cve | aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allow... |
N/A | 2025-03-20 | CVE-2024-7764 | cve | Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the `ge... |
N/A | 2025-03-20 | CVE-2024-7765 | cve | In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive d... |
N/A | 2025-03-20 | CVE-2024-7767 | cve | An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. This vulnerability allows the first user created in the system to view, modify, and delete... |
N/A | 2025-03-20 | CVE-2024-7768 | cve | A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, `path`... |
N/A | 2025-03-20 | CVE-2024-7771 | cve | A vulnerability in the Dockerized version of mintplex-labs/anything-llm (latest, digest 1d9452da2b92) allows for a denial of service. Uploading an audio file with a very low sam... |
9.8 | 2025-03-20 | CVE-2024-7773 | cve | A vulnerability in ollama/ollama version 0.1.37 allows for remote code execution (RCE) due to improper input validation in the handling of zip files. The vulnerability, known as... |
9.1 | 2025-03-20 | CVE-2024-7776 | cve | A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate preventio... |
N/A | 2025-03-20 | CVE-2024-7779 | cve | A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular Expression Denial of Service (ReDoS) by manipulating regular expressions. This can signif... |