Skip to main content
CVE-2024-6095 MEDIUM POC PATCH This Month

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Authentication Bypass Localai
NVD GitHub
CVSS 3.1
5.8
EPSS
2.5%
CVE-2024-37260 CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.3.5. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Foxiz
NVD
CVSS 3.1
9.3
EPSS
0.3%
CVE-2024-5616 MEDIUM POC PATCH This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Localai
NVD GitHub
CVSS 3.0
4.3
EPSS
0.2%
CVE-2024-39486 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/drm_file: Fix pid refcounting race <maarten.lankhorst@linux.intel.com>, Maxime Ripard <mripard@kernel.org>, Thomas Zimmermann. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Intel Linux +1
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2024-37554 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam UltraAddons Elementor Lite ultraaddons-elementor-lite allows DOM-Based XSS.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-37541 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StaxWP Elementor Addons, Widgets and Enhancements - Stax stax-addons-for-elementor allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-37547 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Livemesh Livemesh Addons for Elementor.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Elementor Addons
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-37542 MEDIUM This Month

Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gallery
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-37553 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axelerant Testimonials Widget allows Stored XSS.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Testimonials Widget
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37546 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Image Hover Effects - Caption Hover with Carousel allows Stored XSS.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Image Hover Effects For Elementor With Lightbox And Flipbox
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-37539 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp To Do
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37208 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2024-37234 LOW Monitor

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.0.4. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-40594 LOW Monitor

The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a location accessible to other apps. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
2.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy