Skip to main content
CVE-2024-8765 HIGH POC PATCH This Month

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Lunary
NVD GitHub
CVSS 3.0
7.3
EPSS
0.2%
CVE-2024-8764 HIGH POC PATCH This Month

A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute arbitrary regular expressions on the server side. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lunary
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8613 HIGH POC PATCH This Week

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Chuanhuchatgpt
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-8556 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Agentscope
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-8487 CRITICAL POC GHSA Act Now

A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Agentscope
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-8024 HIGH POC This Month

A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Qanything
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-8019 CRITICAL POC PATCH Act Now

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft RCE File Upload Pytorch Lightning Windows +2
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%

Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-7957 CRITICAL This Week

An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.0
9.1
EPSS
0.2%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2024-7776 CRITICAL POC PATCH Act Now

A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Onnx Suse
NVD
CVSS 3.1
9.1
EPSS
1.5%

Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-7767 HIGH POC This Week

An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Onyx
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-7760 CRITICAL POC Act Now

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Denial Of Service Aim
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2024-7476 MEDIUM POC PATCH Monitor

A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.0
4.3
EPSS
0.1%
CVE-2024-7058 MEDIUM POC Monitor

A vulnerability in the sanitize_path function in parisneo/lollms-webui v10 - latest allows an attacker to bypass path sanitization by using relative paths such as './'. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lollms Web Ui
NVD
CVSS 3.0
4.4
EPSS
0.1%
CVE-2024-7043 HIGH POC This Week

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Webui
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-7040 MEDIUM POC Monitor

In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Webui
NVD VulDB
CVSS 3.0
4.9
EPSS
0.1%
CVE-2024-6986 MEDIUM POC This Month

A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lollms Web Ui
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-6982 HIGH PATCH This Month

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Python
NVD GitHub
CVSS 3.0
8.4
EPSS
0.1%
CVE-2024-6863 MEDIUM POC This Week

In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H2O
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-6854 HIGH POC This Month

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H2O
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2024-6844 MEDIUM POC PATCH This Month

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Authentication Bypass Flask Cors Suse
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2024-6841 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit (56b782bcefd2e59b19cd7ba7878b95f54884f502) of the vanna-ai/vanna repository. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2024-6825 HIGH POC MAL This Week

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Litellm
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2024-12911 HIGH POC PATCH This Month

A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Llamaindex Red Hat
NVD GitHub
CVSS 3.0
7.1
EPSS
0.2%
CVE-2024-12869 MEDIUM POC Monitor

In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ragflow
NVD
CVSS 3.1
4.3
EPSS
0.1%

Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-12766 HIGH POC This Month

parisneo/lollms-webui version V13 (feather) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the `POST /api/proxy` REST API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Lollms Web Ui
NVD
CVSS 3.0
7.5
EPSS
0.1%

Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-12389 HIGH POC This Week

A path traversal vulnerability exists in binary-husky/gpt_academic version git 310122f. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Path Traversal Gpt Academic
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2024-12387 MEDIUM POC This Week

A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gpt Academic
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-12375 MEDIUM POC This Week

A local file inclusion vulnerability was identified in automatic1111/stable-diffusion-webui, affecting version git 82a973c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Stable Diffusion Webui
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2024-11172 HIGH POC PATCH This Month

A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by sending a crafted payload to the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Librechat
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2024-11169 HIGH POC PATCH This Month

An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Librechat
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2024-11043 HIGH This Month

A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/{board_id} endpoint of invoke-ai/invokeai version v5.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
0.1%

Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-10956 HIGH POC This Month

GPT Academy version 3.83 in the binary-husky/gpt_academic repository is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gpt Academic
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-10955 MEDIUM POC This Week

A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Chuanhuchatgpt
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-10901 CRITICAL POC Act Now

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/chart/run` allows execution of arbitrary SQL queries without any access control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE File Upload Db Gpt
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-10829 HIGH POC This Month

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Db Gpt
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2024-10713 HIGH This Month

A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-10481 MEDIUM POC This Week

A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Comfyui
NVD
CVSS 3.0
6.5
EPSS
0.1%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2024-13875 HIGH POC This Month

The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Pmanager
NVD WPScan
CVSS 3.1
7.1
EPSS
0.1%
Prev Page 8 of 8

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy