Skip to main content
CVE-2024-9597 HIGH This Week

A Path Traversal vulnerability exists in the `/wipe_database` endpoint of parisneo/lollms version v12, allowing an attacker to delete any directory on the system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2024-2292 HIGH This Week

Due to a lack of access control, unauthorized users are able to view and modify information pertaining to other users. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2024-12216 HIGH This Week

A vulnerability in the `ImageClassificationDataset.from_csv()` API of the `dmlc/gluon-cv` repository, version 0.10.0, allows for arbitrary file write. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.0
7.1
EPSS
0.0%
CVE-2025-29149 HIGH POC This Month

Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow I12 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-29121 HIGH POC This Month

A vulnerability was found in Tenda AC6 V15.03.05.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-23120 HIGH POC THREAT CERT-EU This Week

A vulnerability allowing remote code execution (RCE) for domain users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.3%.

RCE Deserialization Veeam Backup Replication
NVD
CVSS 3.1
8.8
EPSS
26.3%
CVE-2025-29101 HIGH POC This Month

Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the get_parentControl_list_Info function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-1473 HIGH POC PATCH This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Mlflow AI / ML
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-0315 HIGH POC PATCH This Month

A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ollama AI / ML Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-0189 HIGH POC This Month

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aim
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0185 HIGH POC This Week

A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Dify
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-9919 HIGH POC This Week

A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lollms Web Ui
NVD
CVSS 3.0
8.4
EPSS
0.0%
CVE-2024-9439 HIGH POC This Week

SuperAGI is vulnerable to remote code execution in the latest version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Superagi
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2024-9437 HIGH POC This Month

SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Superagi
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2024-9431 HIGH POC This Week

In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Superagi
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-9340 HIGH POC PATCH This Month

A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Zenml
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2024-9216 HIGH POC This Week

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Chuanhuchatgpt
NVD
CVSS 3.0
8.1
EPSS
0.1%
CVE-2024-8998 HIGH POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lunary
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-8984 HIGH POC PATCH This Month

A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Litellm
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2024-8952 HIGH POC This Month

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Composio
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-8765 HIGH POC PATCH This Month

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Lunary
NVD GitHub
CVSS 3.0
7.3
EPSS
0.2%
CVE-2024-8764 HIGH POC PATCH This Month

A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute arbitrary regular expressions on the server side. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lunary
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8613 HIGH POC PATCH This Week

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Chuanhuchatgpt
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-8024 HIGH POC This Month

A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Qanything
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-7767 HIGH POC This Week

An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Onyx
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-7043 HIGH POC This Week

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Webui
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-6982 HIGH PATCH This Month

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Python
NVD GitHub
CVSS 3.0
8.4
EPSS
0.1%
CVE-2024-6854 HIGH POC This Month

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H2O
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2024-6825 HIGH POC MAL This Week

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Litellm
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2024-12911 HIGH POC PATCH This Month

A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Llamaindex Red Hat
NVD GitHub
CVSS 3.0
7.1
EPSS
0.2%
CVE-2024-12766 HIGH POC This Month

parisneo/lollms-webui version V13 (feather) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the `POST /api/proxy` REST API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Lollms Web Ui
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12389 HIGH POC This Week

A path traversal vulnerability exists in binary-husky/gpt_academic version git 310122f. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Path Traversal Gpt Academic
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2024-11172 HIGH POC PATCH This Month

A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by sending a crafted payload to the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Librechat
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2024-11169 HIGH POC PATCH This Month

An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Librechat
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2024-11043 HIGH This Month

A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/{board_id} endpoint of invoke-ai/invokeai version v5.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-10956 HIGH POC This Month

GPT Academy version 3.83 in the binary-husky/gpt_academic repository is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gpt Academic
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-10829 HIGH POC This Month

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Db Gpt
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2024-10713 HIGH This Month

A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-13875 HIGH POC This Month

The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Pmanager
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy