Skip to main content
CVE-2025-0628 HIGH PATCH This Week

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.0
8.1
EPSS
0.1%
CVE-2024-8065 HIGH This Week

A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's browser. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.0
8.1
EPSS
0.0%
CVE-2024-11302 HIGH This Week

A missing check_access() function in the lollms_binding_infos module of the parisneo/lollms repository, version V14, allows attackers to add, modify, and remove bindings arbitrarily. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
8.0
EPSS
0.0%
CVE-2024-13923 HIGH PATCH This Week

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file() function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Order Export Order Import For Woocommerce
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-8183 HIGH PATCH This Week

A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass
NVD GitHub
CVSS 3.0
7.6
EPSS
0.1%
CVE-2024-9363 HIGH This Week

An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2024-9229 HIGH This Week

A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2024-57440 HIGH This Week

D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflow via the COMM_MAKECustomMsg function of the webproc cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Buffer Overflow Stack Overflow Dsl 3788 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-1385 HIGH This Week

When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE
NVD GitHub
CVSS 4.0
7.5
EPSS
0.2%
CVE-2024-12886 HIGH PATCH This Week

An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ollama AI / ML Red Hat Suse
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2024-9056 HIGH This Week

BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2024-12720 HIGH PATCH This Week

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Transformers
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-10188 HIGH PATCH MAL This Week

A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-12761 HIGH This Week

A Denial of Service (DoS) vulnerability exists in the brycedrennan/imaginairy repository, version 15.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-13558 HIGH PATCH This Week

The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Np Quote Request For Woocommerce
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0182 HIGH This Week

A vulnerability in danswer-ai/danswer version 0.9.0 allows for denial of service through memory exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8028 HIGH This Week

A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-7779 HIGH This Week

A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular Expression Denial of Service (ReDoS) by manipulating regular expressions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8055 HIGH This Week

Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations using the `PUT` and `COPY` commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python SQLi
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-6827 HIGH PATCH This Week

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling XSS SSRF Red Hat +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-10821 HIGH This Week

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server (version v5.0.1) allows unauthenticated attackers to cause excessive resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-13921 HIGH PATCH This Week

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Information Disclosure WordPress PHP Deserialization Order Export Order Import For Woocommerce
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-11602 HIGH This Week

A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-dev/feast version 0.40.0. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.0
7.4
EPSS
0.0%
CVE-2024-7819 HIGH This Week

A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows attackers to steal sensitive information such as chat contents, API keys, and other data. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.0
7.4
EPSS
0.0%
CVE-2025-22228 HIGH POC PATCH This Week

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Red Hat
NVD HeroDevs GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-30334 HIGH PATCH This Week

In OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015, traffic sent over wg(4) could result in kernel crash. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Openbsd
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-9597 HIGH This Week

A Path Traversal vulnerability exists in the `/wipe_database` endpoint of parisneo/lollms version v12, allowing an attacker to delete any directory on the system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2024-2292 HIGH This Week

Due to a lack of access control, unauthorized users are able to view and modify information pertaining to other users. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2024-12216 HIGH This Week

A vulnerability in the `ImageClassificationDataset.from_csv()` API of the `dmlc/gluon-cv` repository, version 0.10.0, allows for arbitrary file write. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.0
7.1
EPSS
0.0%
CVE-2025-0655 POC Act Now

Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-10457 MEDIUM This Month

Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Authentication Bypass
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2025-1496 MEDIUM This Month

Improper Restriction of Excessive Authentication Attempts vulnerability in BG-TEK Coslat Hotspot allows Password Brute Forcing, Authentication Abuse.26.0.R.20250227. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-1802 MEDIUM PATCH This Month

The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘marker_title’, 'notification_content', and 'stt_button_text' parameters in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ht Mega PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-2108 MEDIUM This Month

The 140+ Widgets | Xpro Addons For Elementor - FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Site Title’ widget's 'title_tag' and 'html_tag' parameters in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-6577 MEDIUM This Month

In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pytorch AI / ML
NVD
CVSS 3.0
6.3
EPSS
0.1%
CVE-2024-8982 MEDIUM This Month

A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
6.2
EPSS
0.0%
CVE-2024-48591 MEDIUM This Month

Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Spirateam
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-11441 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in Serge version 0.9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2024-0245 MEDIUM This Month

A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2024-12870 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch (cec2080). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass XSS
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2025-29914 MEDIUM PATCH This Month

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP Authentication Bypass Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-0192 MEDIUM This Month

A stored Cross-site Scripting (XSS) vulnerability exists in the latest version of wandb/openui. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2024-9699 MEDIUM PATCH This Month

A vulnerability in the file upload functionality of the FlatPress CMS admin panel (version latest) allows an attacker to upload a file with a JavaScript payload disguised as a filename. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Flatpress
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-1766 MEDIUM This Month

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Eventin PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-12217 MEDIUM This Month

A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Windows
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2024-10940 MEDIUM PATCH This Month

A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Langchain AI / ML Red Hat
NVD GitHub
CVSS 3.0
5.3
EPSS
0.1%
CVE-2025-2556 MEDIUM This Month

A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-2565 MEDIUM PATCH This Month

The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10,. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2557 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Audi UTR Dashcam 2.0. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2024-13920 MEDIUM PATCH This Month

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Order Export Order Import For Woocommerce
NVD
CVSS 3.1
4.9
EPSS
0.3%
Prev Page 6 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy