Skip to main content
CVE-2024-9617 MEDIUM POC THREAT This Month

An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.3% and no vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
6.5
EPSS
16.3%
CVE-2024-7035 MEDIUM POC This Month

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Open Webui
NVD
CVSS 3.0
6.9
EPSS
0.0%
CVE-2024-7039 MEDIUM POC This Month

In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Webui
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-10019 MEDIUM POC This Month

A vulnerability in the `start_app_server` function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Path Traversal Lollms Web Ui
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-8021 MEDIUM POC This Month

An open redirect vulnerability exists in the latest version of gradio-app/gradio. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Gradio
NVD
CVSS 3.1
6.1
EPSS
2.7%
CVE-2025-29217 MEDIUM POC This Month

Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Denial Of Service W18E Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-11173 MEDIUM POC PATCH This Month

An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, leading to a full denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Librechat
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2024-12391 MEDIUM POC This Month

A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Gpt Academic
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2025-29215 MEDIUM POC This Month

Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-29218 MEDIUM POC This Month

Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Denial Of Service W18E Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-11037 MEDIUM POC This Month

A path traversal vulnerability exists in binary-husky/gpt_academic at commit 679352d, which allows an attacker to bypass the blocked_paths protection and read the config.py file containing sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Gpt Academic Windows
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2025-0184 MEDIUM POC PATCH This Month

A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Dify
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2025-0188 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Chuanhuchatgpt
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-7771 MEDIUM POC PATCH This Month

A vulnerability in the Dockerized version of mintplex-labs/anything-llm (latest, digest 1d9452da2b92) allows for a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Docker Denial Of Service Anythingllm
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-9447 MEDIUM POC This Month

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Superagi
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-12074 MEDIUM POC This Month

A Denial of Service (DoS) vulnerability was discovered in the file upload feature of automatic1111/stable-diffusion-webui version 1.10.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Stable Diffusion Webui
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-12775 MEDIUM POC This Month

langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the Create Custom Tool option via the REST API `POST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Dify
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-10948 MEDIUM POC This Month

A vulnerability in the upload function of binary-husky/gpt_academic allows any user to read arbitrary files on the system, including sensitive files such as `config.py`. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Gpt Academic
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-10330 MEDIUM POC PATCH This Month

In lunary-ai/lunary version 1.5.6, the `/v1/evaluators/` endpoint lacks proper access control, allowing any user associated with a project to fetch all evaluator data regardless of their role. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-10274 MEDIUM POC PATCH This Month

An improper authorization vulnerability exists in lunary-ai/lunary version 1.5.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-12388 MEDIUM POC This Month

A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gpt Academic
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-10707 MEDIUM POC This Month

gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Chuanhuchatgpt
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-12392 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gpt Academic
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-11300 MEDIUM POC PATCH This Month

In lunary-ai/lunary before version 1.6.3, an improper access control vulnerability exists where a user can access prompt data of another user.6.2 and the main branch. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-12880 MEDIUM POC This Month

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ragflow
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-11033 MEDIUM POC This Month

A Denial of Service (DoS) vulnerability exists in the file upload feature of binary-husky/gpt_academic version 3.83. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Gpt Academic
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-10366 MEDIUM POC PATCH This Month

An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Librechat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-8736 MEDIUM POC This Month

A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF File Upload Denial Of Service Lollms Web Ui
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-10273 MEDIUM POC PATCH This Month

In lunary-ai/lunary v1.5.0, improper privilege management in the models.ts file allows users with viewer roles to modify models owned by others. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-9612 MEDIUM POC This Month

In danswer-ai/danswer v0.3.94, administrators can set the visibility of pages within a workspace, including the search page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Onyx
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-9418 MEDIUM POC This Month

{id}` returns the user's password in plaintext. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Superagi
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-11301 MEDIUM POC PATCH This Month

In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Lunary
NVD GitHub
CVSS 3.0
6.5
EPSS
0.0%
CVE-2024-9000 MEDIUM POC PATCH This Month

In lunary-ai/lunary before version 1.4.26, the checklists.post() endpoint allows users to create or modify checklists without validating whether the user has proper permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-10908 MEDIUM POC This Month

An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Fastchat
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2024-11044 MEDIUM POC This Month

An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Stable Diffusion Webui
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2024-10812 MEDIUM POC This Month

An open redirect vulnerability exists in binary-husky/gpt_academic version 3.83. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Gpt Academic
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2024-9308 MEDIUM POC This Month

An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Llava
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2024-8101 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Aim
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-10720 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Phpipam
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-29410 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /contact.php of Hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-8027 MEDIUM POC This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qanything
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2024-8029 MEDIUM POC This Month

An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Privategpt
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-12374 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Stable Diffusion Webui
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-10727 MEDIUM POC PATCH This Month

A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Phpipam
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-9311 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload files with malicious content without authentication or user interaction. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Large Language And Vision Assistant
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-27888 MEDIUM POC PATCH This Month

Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Apache XSS SSRF Druid
NVD
CVSS 4.0
5.8
EPSS
1.0%
CVE-2024-12910 MEDIUM POC PATCH This Month

A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Llamaindex Red Hat
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-12777 MEDIUM POC This Month

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Aim
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2024-10047 MEDIUM POC This Month

parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Lollms Web Ui Windows
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2025-2546 MEDIUM POC This Month

A vulnerability classified as problematic was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 618 Firmware Dir 605l Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
0.8%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy