| Page(s) : 1 ... 73 74 75 76 77 78 79 80 81 82 [83] 84 85 86 87 88 89 90 91 92 93 ... | Result(s) : 312940 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-03-20 | CVE-2024-8057 | cve | In version 0.4.1 of danswer-ai/danswer, a vulnerability exists where a basic user can create credentials and link them to an existing connector. This issue arises because the sy... |
| N/A | 2025-03-20 | CVE-2024-8060 | cve | OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint `/audio/api/v1/transcriptions` that allows for arbitrary file upload. The application performs insuffi... |
| N/A | 2025-03-20 | CVE-2024-8061 | cve | In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This... |
| 7.5 | 2025-03-20 | CVE-2024-8062 | cve | A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a `HEAD` request to verify the existence of a speci... |
| N/A | 2025-03-20 | CVE-2024-8063 | cve | A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile... |
| N/A | 2025-03-20 | CVE-2024-8065 | cve | A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's br... |
| N/A | 2025-03-20 | CVE-2024-8099 | cve | A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. An attacker can exploit this vulnerability b... |
| N/A | 2025-03-20 | CVE-2024-8101 | cve | A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. The vulnerability arises due to the use of `dangerouslySe... |
| N/A | 2025-03-20 | CVE-2024-8156 | cve | A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input `github.head.ref` is used insecurely, all... |
| N/A | 2025-03-20 | CVE-2024-8183 | cve | A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to ... |
| N/A | 2025-03-20 | CVE-2024-8196 | cve | In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows... |
| N/A | 2025-03-20 | CVE-2024-8238 | cve | In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython. This version does not protect against... |
| N/A | 2025-03-20 | CVE-2024-8248 | cve | A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storag... |
| N/A | 2025-03-20 | CVE-2024-8249 | cve | mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker ca... |
| N/A | 2025-03-20 | CVE-2024-8251 | cve | A vulnerability in mintplex-labs/anything-llm prior to version 1.2.2 allows for Prisma injection. The issue exists in the API endpoint "/embed/:embedId/stream-chat" where user-p... |
| N/A | 2025-03-20 | CVE-2024-8400 | cve | A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML fil... |
| N/A | 2025-03-20 | CVE-2024-8438 | cve | A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` does not properly sanitize the `path` parameter, allowing an attacke... |
| N/A | 2025-03-20 | CVE-2024-8487 | cve | A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict a... |
| N/A | 2025-03-20 | CVE-2024-8489 | cve | A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery (CSRF) due to overly permissive CORS header... |
| N/A | 2025-03-20 | CVE-2024-8501 | cve | An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any fil... |
| Page(s) : 1 ... 73 74 75 76 77 78 79 80 81 82 [83] 84 85 86 87 88 89 90 91 92 93 ... | Result(s) : 312940 |
