Skip to main content
CVE-2024-13920 MEDIUM PATCH This Month

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Order Export Order Import For Woocommerce
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-54016 MEDIUM PATCH This Month

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating).2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Seata
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2025-1314 MEDIUM This Month

The Custom Twitter Feeds - A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-8057 MEDIUM This Month

In version 0.4.1 of danswer-ai/danswer, a vulnerability exists where a basic user can create credentials and link them to an existing connector. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2025-2549 MEDIUM POC This Month

A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2025-29412 MEDIUM POC Monitor

A cross-site scripting (XSS) vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ibanking
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-0254 MEDIUM This Month

HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-1474 MEDIUM POC PATCH This Month

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Brute Force Authentication Bypass Mlflow AI / ML
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-0508 MEDIUM PATCH This Month

A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.0
5.9
EPSS
0.1%
CVE-2025-0191 MEDIUM POC This Week

A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Chuanhuchatgpt
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2025-0183 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gpt_academic version 3.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gpt Academic
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2024-9900 MEDIUM POC PATCH This Month

mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Localai Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-9365 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon v2.4.0 allows attackers to perform unauthorized actions in the context of the victim's browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2024-9159 MEDIUM POC This Week

An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Chuanhuchatgpt
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-9098 MEDIUM POC PATCH This Month

In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Privilege Escalation Lunary
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-8556 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Agentscope
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-7476 MEDIUM POC PATCH Monitor

A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.0
4.3
EPSS
0.1%
CVE-2024-7058 MEDIUM POC Monitor

A vulnerability in the sanitize_path function in parisneo/lollms-webui v10 - latest allows an attacker to bypass path sanitization by using relative paths such as './'. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lollms Web Ui
NVD
CVSS 3.0
4.4
EPSS
0.1%
CVE-2024-7040 MEDIUM POC Monitor

In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Webui
NVD VulDB
CVSS 3.0
4.9
EPSS
0.1%
CVE-2024-6986 MEDIUM POC This Month

A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lollms Web Ui
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-6863 MEDIUM POC This Week

In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H2O
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-6844 MEDIUM POC PATCH This Month

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Authentication Bypass Flask Cors Suse
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2024-6841 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit (56b782bcefd2e59b19cd7ba7878b95f54884f502) of the vanna-ai/vanna repository. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2024-12869 MEDIUM POC Monitor

In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ragflow
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-12387 MEDIUM POC This Week

A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gpt Academic
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-12375 MEDIUM POC This Week

A local file inclusion vulnerability was identified in automatic1111/stable-diffusion-webui, affecting version git 82a973c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Stable Diffusion Webui
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2024-10955 MEDIUM POC This Week

A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Chuanhuchatgpt
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-10481 MEDIUM POC This Week

A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Comfyui
NVD
CVSS 3.0
6.5
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy