8.8

CVSS3.0

CVE-2024-1961 - Path Traversal leading to Arbitrary File Write and RCE in vertaai/modeldb

vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Attackers can exploit this vulnerability to write arbitrary files anywhere in the file system by manipulating the 'artifact_path' parameter. This flaw …

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.9

CVSS3.1

CVE-2024-2083 - Directory Traversal in zenml-io/zenml

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulne…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: May 12, 2025, 1:12 p.m.

9.1

CVSS3.1

CVE-2024-1739 - Case Insensitive Email Address Validation Vulnerability in lunary-ai/lunary

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the case …

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: June 18, 2025, 4:33 p.m.

8.8

CVSS3.1

CVE-2024-3571 - Path Traversal in langchain-ai/langchain

langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to inf…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: July 29, 2025, 7:19 p.m.

10

CVSS3.1

CVE-2024-2912 - Insecure Deserialization Leading to RCE in bentoml/bentoml

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.0

CVE-2024-3574 - Authorization Header Leak During Cross-Domain Redirect in scrapy/scrapy

In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across d…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: July 28, 2025, 2:51 p.m.

9.8

CVSS3.0

CVE-2024-3271 - Command Injection in run-llama/llama_index

A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by c…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: July 30, 2025, 12:14 a.m.

4.2

CVSS3.1

CVE-2024-2260 - Session Fixation Vulnerability in zenml-io/zenml

A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: June 12, 2025, 11:48 p.m.

7.5

CVSS3.1

CVE-2024-1569 - Uncontrolled Resource Consumption in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or th…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: July 7, 2025, 3:52 p.m.

9.3

CVSS3.1

CVE-2024-3573 - Local File Inclusion (LFI) via Scheme Confusion in mlflow/mlflow

mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the mis…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: Feb. 3, 2025, 3:50 p.m.
Total resulsts: 349182
Page 10272 of 34,919
Β« previous page Β» next page
Filters