| Page(s) : 1 ... 72 73 74 75 76 77 78 79 80 81 [82] 83 84 85 86 87 88 89 90 91 92 ... | Result(s) : 312940 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-03-20 | CVE-2024-7804 | cve | A deserialization vulnerability exists in the Pytorch RPC framework (torch.distributed.rpc) in pytorch/pytorch versions |
| 8.8 | 2025-03-20 | CVE-2024-7806 | cve | A vulnerability in open-webui/open-webui versions |
| N/A | 2025-03-20 | CVE-2024-7819 | cve | A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows attackers to steal sensitive information such as chat contents, API keys, and other data. This vulnerability occurs d... |
| N/A | 2025-03-20 | CVE-2024-7957 | cve | An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the load_credentials me... |
| N/A | 2025-03-20 | CVE-2024-7959 | cve | The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL withou... |
| N/A | 2025-03-20 | CVE-2024-7983 | cve | In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spe... |
| N/A | 2025-03-20 | CVE-2024-7990 | cve | A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the `/api/v1/models/add` endpoint, where the mod... |
| N/A | 2025-03-20 | CVE-2024-7999 | cve | A vulnerability in open-webui/open-webui version 79778fa allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. By append... |
| N/A | 2025-03-20 | CVE-2024-8017 | cve | An XSS vulnerability exists in open-webui/open-webui versions |
| N/A | 2025-03-20 | CVE-2024-8018 | cve | A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to ... |
| N/A | 2025-03-20 | CVE-2024-8019 | cve | In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_fil... |
| N/A | 2025-03-20 | CVE-2024-8020 | cve | A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endp... |
| 6.1 | 2025-03-20 | CVE-2024-8021 | cve | An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. ... |
| N/A | 2025-03-20 | CVE-2024-8024 | cve | A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leadi... |
| 8.1 | 2025-03-20 | CVE-2024-8026 | cve | A Cross-Site Request Forgery (CSRF) vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS head... |
| N/A | 2025-03-20 | CVE-2024-8027 | cve | A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS... |
| N/A | 2025-03-20 | CVE-2024-8028 | cve | A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. By appending a large... |
| N/A | 2025-03-20 | CVE-2024-8029 | cve | An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims... |
| 8.2 | 2025-03-20 | CVE-2024-8053 | cve | In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation ser... |
| N/A | 2025-03-20 | CVE-2024-8055 | cve | Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations using the `PUT` and `COPY` commands. This vulnerability allows unauthenticated ... |
| Page(s) : 1 ... 72 73 74 75 76 77 78 79 80 81 [82] 83 84 85 86 87 88 89 90 91 92 ... | Result(s) : 312940 |
