Skip to main content
CVE-2024-8487 CRITICAL POC GHSA Act Now

A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Agentscope
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-8019 CRITICAL POC PATCH Act Now

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft RCE File Upload Pytorch Lightning Windows +2
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2024-7957 CRITICAL This Week

An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.0
9.1
EPSS
0.2%
CVE-2024-7776 CRITICAL POC PATCH Act Now

A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Onnx Suse
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2024-7760 CRITICAL POC Act Now

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Denial Of Service Aim
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2024-10901 CRITICAL POC Act Now

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/chart/run` allows execution of arbitrary SQL queries without any access control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE File Upload Db Gpt
NVD
CVSS 3.1
9.8
EPSS
1.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy