Skip to main content
CVE-2024-2083 CRITICAL POC PATCH THREAT Act Now

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Zenml
NVD GitHub
CVSS 3.1
9.9
EPSS
39.1%
CVE-2024-32027 CRITICAL POC PATCH Act Now

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Kohya Ss
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2024-32026 CRITICAL POC PATCH Act Now

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Kohya Ss
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2024-32022 CRITICAL POC PATCH Act Now

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Kohya Ss
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2024-3271 CRITICAL POC PATCH Act Now

A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Llamaindex
NVD GitHub
CVSS 3.0
9.8
EPSS
2.9%
CVE-2024-1601 CRITICAL POC PATCH THREAT Act Now

An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Lollms Webui
NVD GitHub
CVSS 3.1
9.8
EPSS
40.4%
CVE-2024-3573 CRITICAL POC PATCH Act Now

mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mlflow
NVD GitHub
CVSS 3.1
9.3
EPSS
0.7%
CVE-2024-32025 CRITICAL POC PATCH Act Now

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Kohya Ss
NVD GitHub
CVSS 3.1
9.1
EPSS
2.5%
CVE-2024-1739 CRITICAL POC PATCH Act Now

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Lunary
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-0404 CRITICAL POC PATCH Act Now

A mass assignment vulnerability exists in the `/api/invite/:code` endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Anythingllm
NVD GitHub
CVSS 3.0
9.1
EPSS
0.8%
CVE-2024-2912 CRITICAL PATCH Act Now

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Deserialization
NVD GitHub
CVSS 3.1
10.0
EPSS
1.5%
CVE-2024-21010 CRITICAL Act Now

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Hospitality Simphony
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-20997 CRITICAL Act Now

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Hospitality Simphony
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2024-31452 CRITICAL PATCH Act Now

OpenFGA is a high-performance and flexible authorization/permission engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Openfga
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-21082 CRITICAL Act Now

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Oracle Bi Publisher
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-21014 CRITICAL Act Now

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Hospitality Simphony
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3660 CRITICAL PATCH Act Now

A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Keras
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-3863 CRITICAL Act Now

The executable file warning was not presented when downloading .xrm-ms files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Mozilla File Upload Firefox Thunderbird
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3871 CRITICAL Act Now

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-21071 CRITICAL Act Now

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Workflow
NVD
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy