Skip to main content
CVE-2024-9070 CRITICAL Act Now

A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2025-2538 CRITICAL Act Now

A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthenticated attacker to gain administrative. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Portal For Arcgis
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-47552 CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).0.0 before 2.2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-12016 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CM Informatics CM News allows SQL Injection.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-29922 CRITICAL PATCH Act Now

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Suse
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2024-10047 MEDIUM POC This Month

parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Lollms Web Ui Windows
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2024-5752 CRITICAL Act Now

A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.0
9.1
EPSS
2.0%
CVE-2025-2546 MEDIUM POC This Month

A vulnerability classified as problematic was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2025-2548 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-9107 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Chuanhuchatgpt
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-2553 MEDIUM POC This Month

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8400 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Chuanhuchatgpt
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10723 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass XSS Phpipam
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10721 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass XSS Phpipam
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10363 MEDIUM POC PATCH This Month

In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Librechat
NVD GitHub
CVSS 3.0
5.4
EPSS
0.1%
CVE-2025-0281 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in lunary-ai/lunary versions 1.6.7 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Lunary
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-11850 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the latest version of langgenius/dify. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dify
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10725 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpipam
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10724 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2, specifically in the Subnet NAT translations section when editing the Destination address. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpipam
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10722 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpipam
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-12871 MEDIUM POC This Month

An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ragflow
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10719 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically in the circuits options functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Phpipam
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-2552 MEDIUM POC This Month

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2025-2551 MEDIUM POC This Month

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2025-2550 MEDIUM POC This Month

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2025-2547 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in D-Link DIR-618 and DIR-605L 2.02/3.02. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-6839 MEDIUM POC PATCH This Month

corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Flask Cors Suse
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-6483 MEDIUM POC This Month

A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Aim
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2025-29980 CRITICAL PATCH Act Now

A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Etrakit Net
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-6838 MEDIUM POC This Month

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mlflow AI / ML
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-11167 MEDIUM POC PATCH This Month

An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Librechat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-8251 MEDIUM POC PATCH This Month

A vulnerability in mintplex-labs/anything-llm prior to version 1.2.2 allows for Prisma injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Authentication Bypass Anythingllm
NVD GitHub
CVSS 3.0
5.3
EPSS
0.1%
CVE-2024-12580 MEDIUM POC PATCH This Month

A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Librechat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-11042 CRITICAL PATCH Act Now

In invoke-ai/invokeai version v5.0.2, the web API `POST /api/v1/images/delete` is vulnerable to Arbitrary File Deletion. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.0
9.1
EPSS
0.9%
CVE-2025-2311 CRITICAL Act Now

Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-1770 HIGH This Week

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP RCE WordPress Path Traversal +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-12215 HIGH This Week

In kedro-org/kedro version 0.19.8, the `pull_package()` API function allows users to download and extract micro packages from the Internet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2024-0640 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Chatwoot
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-8489 HIGH This Week

A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery (CSRF) due to overly permissive CORS headers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2025-30160 HIGH PATCH This Week

Redlib is an alternative private front-end to Reddit. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Redlib
NVD GitHub
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-10359 MEDIUM POC PATCH This Month

In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Librechat
NVD GitHub
CVSS 3.0
4.6
EPSS
0.1%
CVE-2025-2480 HIGH This Week

Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds write, which requires a user to open a malicious DCM file, resulting in execution of arbitrary code by a local attacker. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Dicom Viewer Pro
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2024-6583 MEDIUM POC This Month

A path traversal vulnerability exists in the latest version of stangirard/quivr. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Quivr
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2024-8099 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SSRF Authentication Bypass
NVD
CVSS 3.0
8.3
EPSS
0.1%
CVE-2024-11821 MEDIUM POC This Month

A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dify
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2024-13060 MEDIUM POC PATCH This Month

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Docker Anythingllm Docker
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-7046 MEDIUM POC This Month

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Webui
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2024-7045 MEDIUM POC This Month

In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Webui
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2024-8060 HIGH PATCH This Week

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint `/audio/api/v1/transcriptions` that allows for arbitrary file upload. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker RCE Path Traversal File Upload
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2024-7764 HIGH This Week

Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.0
8.1
EPSS
0.1%
Prev Page 5 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy