8.1

CVSS3.0

CVE-2024-0549 - Relative Path Traversal in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input va…

📅 Published: April 16, 2024, midnight 🔄 Last Modified: July 9, 2025, 7:37 p.m.

7.5

CVSS3.1

CVE-2024-1593 - Path Traversal via Parameter Smuggling in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. This…

📅 Published: April 16, 2024, midnight 🔄 Last Modified: Feb. 3, 2025, 3:41 p.m.

7.2

CVSS3.0

CVE-2024-3028 - Improper Input Validation in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logo_filename' parameter in the 'system-preferences' API endpoint, an attacker can construct requests to read sensitive files or the appli…

📅 Published: April 16, 2024, midnight 🔄 Last Modified: July 9, 2025, 7:34 p.m.

7.5

CVSS3.1

CVE-2024-1483 - Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can…

📅 Published: April 16, 2024, midnight 🔄 Last Modified: Feb. 3, 2025, 3:02 p.m.

5.3

CVSS3.1

CVE-2024-1666 - Unauthorized Radar Creation in lunary-ai/lunary

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result, attacke…

📅 Published: April 16, 2024, midnight 🔄 Last Modified: Jan. 10, 2025, 2:34 p.m.

6.1

CVSS3.1

CVE-2024-3575 - Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb

Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb

📅 Published: April 16, 2024, midnight 🔄 Last Modified: Oct. 29, 2025, 2:06 p.m.

8.1

CVSS3.1

CVE-2024-1560 - Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, al…

📅 Published: April 16, 2024, midnight 🔄 Last Modified: Feb. 3, 2025, 3:18 p.m.

7.1

CVSS3.0

CVE-2024-1456 - S3 Bucket Takeover in h2oai/h2o-3

An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover.

📅 Published: April 16, 2024, midnight 🔄 Last Modified: July 28, 2025, 2:04 p.m.

9.1

CVSS3.0

CVE-2024-0404 - Mass Assignment Vulnerability in mintplex-labs/anything-llm

A mass assignment vulnerability exists in the `/api/invite/:code` endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker…

📅 Published: April 16, 2024, midnight 🔄 Last Modified: July 9, 2025, 7:37 p.m.

8.1

CVSS3.1

CVE-2024-22262 - CVE-2024-22262: Spring Framework URL Parsing with Host Validation

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is…

📅 Published: April 16, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 10274 of 34,919
« previous page » next page
Filters