Skip to main content
CVE-2024-54016 MEDIUM PATCH This Month

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating).2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Seata
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2025-1314 MEDIUM This Month

The Custom Twitter Feeds - A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-8057 MEDIUM This Month

In version 0.4.1 of danswer-ai/danswer, a vulnerability exists where a basic user can create credentials and link them to an existing connector. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2024-12760 POC This Week

Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-29923 LOW POC PATCH Monitor

go-redis is the official Redis client library for the Go programming language. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Redis
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-30259 LOW Monitor

The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2024-7598 LOW Monitor

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Race Condition Kubernetes
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2024-13922 LOW PATCH Monitor

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

WordPress Information Disclosure Order Export Order Import For Woocommerce
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2025-2555 LOW Monitor

A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Rated low severity (CVSS 2.1), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-2574 LOW Monitor

Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in the PostScript function interpreter code. Rated low severity (CVSS 2.1), this vulnerability is no authentication required. No vendor patch available.

Integer Overflow Buffer Overflow
NVD
CVSS 4.0
2.1
EPSS
0.0%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-2549 MEDIUM POC This Month

A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2025-29149 HIGH POC This Month

Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow I12 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-29121 HIGH POC This Month

A vulnerability was found in Tenda AC6 V15.03.05.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-23120 HIGH POC THREAT CERT-EU This Week

A vulnerability allowing remote code execution (RCE) for domain users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.3%.

RCE Deserialization Veeam Backup Replication
NVD
CVSS 3.1
8.8
EPSS
26.3%
CVE-2025-29412 MEDIUM POC Monitor

A cross-site scripting (XSS) vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ibanking
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-0254 MEDIUM This Month

HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-29101 HIGH POC This Month

Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the get_parentControl_list_Info function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-1474 MEDIUM POC PATCH This Month

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Brute Force Authentication Bypass Mlflow AI / ML
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-1473 HIGH POC PATCH This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Mlflow AI / ML
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-0508 MEDIUM PATCH This Month

A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.0
5.9
EPSS
0.1%
CVE-2025-0315 HIGH POC PATCH This Month

A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ollama AI / ML Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.3%

Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-0191 MEDIUM POC This Week

A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Chuanhuchatgpt
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2025-0189 HIGH POC This Month

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aim
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-0185 HIGH POC This Week

A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Dify
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2025-0183 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gpt_academic version 3.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gpt Academic
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2024-9919 HIGH POC This Week

A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lollms Web Ui
NVD
CVSS 3.0
8.4
EPSS
0.0%

Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-9900 MEDIUM POC PATCH This Month

mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Localai Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-9701 CRITICAL PATCH GHSA This Week

A Remote Code Execution (RCE) vulnerability has been identified in the Kedro ShelveStore class (version 0.19.8). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE Deserialization
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2024-9439 HIGH POC This Week

SuperAGI is vulnerable to remote code execution in the latest version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Superagi
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2024-9437 HIGH POC This Month

SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Superagi
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2024-9431 HIGH POC This Week

In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Superagi
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-9365 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon v2.4.0 allows attackers to perform unauthorized actions in the context of the victim's browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2024-9340 HIGH POC PATCH This Month

A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Zenml
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2024-9309 CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 (LLaVA-1.6). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Llava
NVD
CVSS 3.0
9.3
EPSS
0.1%
CVE-2024-9216 HIGH POC This Week

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Chuanhuchatgpt
NVD
CVSS 3.0
8.1
EPSS
0.1%
CVE-2024-9159 MEDIUM POC This Week

An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Chuanhuchatgpt
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-9098 MEDIUM POC PATCH This Month

In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Privilege Escalation Lunary
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-9053 CRITICAL POC GHSA Act Now

vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Vllm Red Hat
NVD
CVSS 3.1
9.8
EPSS
2.2%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-8998 HIGH POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lunary
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-8984 HIGH POC PATCH This Month

A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Litellm
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2024-8958 CRITICAL POC Act Now

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation File Upload Composio
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-8952 HIGH POC This Month

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Composio
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-8769 CRITICAL POC Act Now

A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Aim
NVD
CVSS 3.1
9.1
EPSS
0.7%
Prev Page 7 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy