9.8

CVSS3.0

CVE-2024-2195 - Remote Code Execution in aimhubio/aim

A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper …

πŸ“… Published: April 10, 2024, 5:08 p.m. πŸ”„ Last Modified: July 29, 2025, 8:31 p.m.

8.8

CVSS3.0

CVE-2024-2196 - CSRF Vulnerability in aimhubio/aim

aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboar…

πŸ“… Published: April 10, 2024, 5:08 p.m. πŸ”„ Last Modified: July 29, 2025, 8:27 p.m.

7.2

CVSS3.1

CVE-2024-3101 - Privilege Escalation via Improper Input Validation in mintplex-labs/anything-llm

In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multi_user_mode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This acti…

πŸ“… Published: April 10, 2024, 5:08 p.m. πŸ”„ Last Modified: July 9, 2025, 7:49 p.m.

9.8

CVSS3.0

CVE-2024-2029 - Command Injection in mudler/localai

A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing t…

πŸ“… Published: April 10, 2024, 5:08 p.m. πŸ”„ Last Modified: July 15, 2025, 3:25 p.m.

7.5

CVSS3.1

CVE-2024-1902 - Session Reuse Vulnerability in lunary-ai/lunary

lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker c…

πŸ“… Published: April 10, 2024, 5:08 p.m. πŸ”„ Last Modified: Jan. 10, 2025, 2:29 p.m.

9.1

CVSS3.1

CVE-2024-1740 - Incorrect Authorization in lunary-ai/lunary

In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an organization can still read, create, modify, and delete logs by re-using an old authorization token. The lunary web application communicates with the server using an 'Authorization' token in the browser, which do…

πŸ“… Published: April 10, 2024, 5:08 p.m. πŸ”„ Last Modified: Jan. 10, 2025, 2:21 p.m.

9.1

CVSS3.1

CVE-2024-1741 - Improper Authorization in lunary-ai/lunary

lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by sendi…

πŸ“… Published: April 10, 2024, 5:08 p.m. πŸ”„ Last Modified: Jan. 31, 2025, 11:15 a.m.

7.5

CVSS3.0

CVE-2024-2217 - Improper Access Control in gaizhenbiao/chuanhuchatgpt

gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (`ope…

πŸ“… Published: April 10, 2024, 5:08 p.m. πŸ”„ Last Modified: July 29, 2025, 8:21 p.m.

6.1

CVSS3.1

CVE-2024-1602 - Stored XSS leading to RCE in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within…

πŸ“… Published: April 10, 2024, 5:08 p.m. πŸ”„ Last Modified: July 9, 2025, 2:14 p.m.

9.8

CVSS3.0

CVE-2024-1520 - OS Command Injection in parisneo/lollms-webui

An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unau…

πŸ“… Published: April 10, 2024, 5:08 p.m. πŸ”„ Last Modified: July 9, 2025, 2:14 p.m.
Total resulsts: 349182
Page 10331 of 34,919
Β« previous page Β» next page
Filters