Skip to main content
CVE-2024-11603 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Authentication Bypass Fastchat
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-10550 HIGH POC This Week

A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service H2O
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-10549 HIGH POC This Week

A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service H2O
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-10110 HIGH POC This Week

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aim
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12065 HIGH POC This Week

A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Llava
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-7768 HIGH POC This Week

A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service H2O
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2025-0453 HIGH POC This Week

In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mlflow AI / ML
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0190 HIGH POC This Week

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aim
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0330 HIGH POC This Week

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Litellm
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12778 HIGH POC This Week

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aim
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12882 HIGH POC This Week

comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Comfyui
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8018 HIGH POC This Week

A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privategpt
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8789 HIGH POC PATCH This Week

Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lunary
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8763 HIGH POC PATCH This Week

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary repository, specifically in the compileTextTemplate function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lunary
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12068 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Llava
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12376 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Fastchat
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-10272 HIGH POC PATCH This Week

lunary-ai/lunary is vulnerable to broken access control in the latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-10572 HIGH POC This Week

In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Denial Of Service H2O
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8999 HIGH POC PATCH This Week

lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-9606 HIGH POC PATCH This Week

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Litellm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-10267 HIGH POC This Week

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Superagi
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8062 HIGH POC This Week

A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service H2O
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-8061 HIGH POC This Week

In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aim
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8249 HIGH POC PATCH This Week

mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Anythingllm
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12779 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Ragflow
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-11822 HIGH POC This Week

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Dify
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-25758 HIGH POC This Week

An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Kukufm Android
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0454 HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google SSRF Autogpt Platform
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-10907 HIGH POC This Week

In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fastchat
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8955 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Composio
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-12704 HIGH POC PATCH This Week

A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Llamaindex Langchain AI / ML Red Hat
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-11137 HIGH POC PATCH This Week

An Insecure Direct Object Reference (IDOR) vulnerability exists in the `PATCH /v1/runs/:id/score` endpoint of lunary-ai/lunary version 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-11031 HIGH POC This Week

In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gpt Academic
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-11030 HIGH POC This Week

GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything() API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gpt Academic
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-8020 HIGH POC This Week

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pytorch Lightning Pytorch AI / ML Red Hat
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-10718 HIGH POC PATCH This Week

In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Phpipam
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-7033 HIGH POC This Week

In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft RCE Denial Of Service Open Webui Windows
NVD VulDB
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-10275 HIGH POC PATCH This Week

In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct permissions to access billing resources, can change the permissions of existing users to include. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Privilege Escalation Lunary
NVD GitHub
CVSS 3.0
7.3
EPSS
0.1%
CVE-2024-10513 HIGH POC PATCH This Week

A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Authentication Bypass Path Traversal Privilege Escalation Anythingllm
NVD GitHub
CVSS 3.0
7.2
EPSS
0.3%
CVE-2024-8248 HIGH POC PATCH This Week

A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Privilege Escalation Anythingllm
NVD GitHub
CVSS 3.0
7.2
EPSS
0.2%
CVE-2024-10252 HIGH POC PATCH This Week

A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE SSRF Code Injection Python Dify
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-13881 HIGH POC This Week

The Link My Posts WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Linkmyposts
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-13880 HIGH POC This Week

The My Quota WordPress plugin through 1.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS My Quota
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-13878 HIGH POC This Week

The SpotBot WordPress plugin through 0.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Spotbot
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-13877 HIGH POC This Week

The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Passbeemedia Web Push Notification
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-13876 HIGH POC This Week

The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Meintopf
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-9096 HIGH POC PATCH This Week

In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to modify checklists by sending a PATCH request. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-7035 MEDIUM POC This Month

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Open Webui
NVD
CVSS 3.0
6.9
EPSS
0.0%
CVE-2024-7039 MEDIUM POC This Month

In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Webui
NVD VulDB
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-10019 MEDIUM POC This Month

A vulnerability in the `start_app_server` function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Path Traversal Lollms Web Ui
NVD
CVSS 3.1
6.7
EPSS
0.1%
Prev Page 3 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy