9.8

CVSS3.0

CVE-2024-1511 - Path Traversal Vulnerability in parisneo/lollms-webui

The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endp…

πŸ“… Published: April 10, 2024, 5:08 p.m. πŸ”„ Last Modified: July 9, 2025, 2:08 p.m.

0.0

CVE-2024-1599 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

πŸ“… Published: April 10, 2024, 5:08 p.m. πŸ”„ Last Modified: June 7, 2024, 11:15 a.m.

7.2

CVSS3.0

CVE-2024-3283 - Privilege Escalation via Mass Assignment in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multi_user_mode' system variable, enabling…

πŸ“… Published: April 10, 2024, 5:07 p.m. πŸ”„ Last Modified: July 9, 2025, 7:49 p.m.

9.8

CVSS3.0

CVE-2024-2221 - Path Traversal and Arbitrary File Upload Vulnerability in qdrant/qdrant

qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to po…

πŸ“… Published: April 10, 2024, 5:07 p.m. πŸ”„ Last Modified: July 14, 2025, 6:27 p.m.

9.3

CVSS3.0

CVE-2024-1600 - Local File Inclusion in parisneo/lollms-webui

A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, U…

πŸ“… Published: April 10, 2024, 5:07 p.m. πŸ”„ Last Modified: July 9, 2025, 2:14 p.m.

9.1

CVSS3.0

CVE-2024-1643 - Unauthorized Organization Access in lunary-ai/lunary

By knowing an organization's ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. This vulnerability allows unauthorized access and modification of sensitive information, posing a significant security risk. The flaw …

πŸ“… Published: April 10, 2024, 5:07 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.0

CVE-2024-3569 - Denial of Service (DoS) Vulnerability in mintplex-labs/anything-llm

A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the [validatedRequest] middleware with a specially craf…

πŸ“… Published: April 10, 2024, 5:07 p.m. πŸ”„ Last Modified: July 9, 2025, 7:38 p.m.

9.8

CVSS3.0

CVE-2024-3098 - Prompt Injection leading to Arbitrary Code Execution in run-llama/llama_index

A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method …

πŸ“… Published: April 10, 2024, 5:07 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2024-1728 - Local File Inclusion in gradio-app/gradio

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the…

πŸ“… Published: April 10, 2024, 5:07 p.m. πŸ”„ Last Modified: July 30, 2025, 2:51 p.m.

9.6

CVSS3.1

CVE-2024-3568 - Arbitrary Code Execution via Deserialization in huggingface/transformers

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exp…

πŸ“… Published: April 10, 2024, 5:07 p.m. πŸ”„ Last Modified: Oct. 10, 2025, 5:55 p.m.
Total resulsts: 349182
Page 10332 of 34,919
Β« previous page Β» next page
Filters