8.0

CVSS3.1

CVE-2024-3029 - Improper Input Validation in mintplex-labs/anything-llm

In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. This triggers an error that is caught by a catch block, which in turn deletes all users and disables the 'multi_user_mode'. The vulnerabi…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: July 9, 2025, 7:34 p.m.

7.5

CVSS3.1

CVE-2024-1558 - Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in the `_create_model_version()` function within `server/handlers.py` of the mlflow/mlflow repository, due to improper validation of the `source` parameter. Attackers can exploit this vulnerability by crafting a `source` parameter that bypasses the `_validate_n…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: Feb. 3, 2025, 3:14 p.m.

0.0

CVE-2024-1665 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: June 7, 2024, 5:15 p.m.

7.5

CVSS3.1

CVE-2024-1594 - Local File Read via Path Traversal in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to read arbitrary files o…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: Feb. 3, 2025, 3:41 p.m.

7.5

CVSS3.0

CVE-2024-3572 - XML External Entity (XXE) Vulnerability in scrapy/scrapy

The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, …

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: July 28, 2025, 2:49 p.m.

8.1

CVSS3.1

CVE-2024-1626 - IDOR Vulnerability in lunary-ai/lunary

An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly re…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: Jan. 31, 2025, 11:15 a.m.

7.5

CVSS3.1

CVE-2024-1738 - Incorrect Authorization in lunary-ai/lunary

An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. This vulnerability allows unauthorized users to retrieve the results of any organization's evaluation by simply knowing the evaluation I…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: Jan. 10, 2025, 2:35 p.m.

6.5

CVSS3.0

CVE-2024-1183 - SSRF Vulnerability in gradio-app/gradio

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the pre…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: July 29, 2025, 7:03 p.m.

9.8

CVSS3.1

CVE-2024-1601 - SQL Injection in parisneo/lollms-webui

An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the `/delete_discussion` endpoint, which interna…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: July 7, 2025, 3:54 p.m.

8.2

CVSS3.0

CVE-2024-1646 - Authentication Bypass in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized ac…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: Aug. 15, 2025, 8:33 p.m.
Total resulsts: 349182
Page 10273 of 34,919
Β« previous page Β» next page
Filters