5

CVSS3.1

CVE-2024-22326 - IBM System Storage improper authentication

IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: 279518.

📅 Published: June 6, 2024, 6:19 p.m. 🔄 Last Modified: Nov. 21, 2024, 8:56 a.m.

9.8

CVSS3.1

CVE-2024-1881 - Improper Neutralization of Special Elements used in an OS Command in significant-gravitas/autogpt

AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not includ…

📅 Published: June 6, 2024, 6:19 p.m. 🔄 Last Modified: Aug. 5, 2025, 3:35 p.m.

7.8

CVSS3.1

CVE-2024-5306 - Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability

Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malic…

📅 Published: June 6, 2024, 6:18 p.m. 🔄 Last Modified: Aug. 6, 2025, 7:47 p.m.

5.3

CVSS3.1

CVE-2024-5550 - Exposure of Sensitive Information via Arbitrary System Path Lookup in h2oai/h2o-3

In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead A…

📅 Published: June 6, 2024, 6:18 p.m. 🔄 Last Modified: Oct. 15, 2025, 1:15 p.m.

6.1

CVSS3.1

CVE-2024-2383 - Clickjacking Vulnerability in zenml-io/zenml

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious pa…

📅 Published: June 6, 2024, 6:18 p.m. 🔄 Last Modified: Nov. 21, 2024, 9:09 a.m.

7.5

CVSS3.1

CVE-2024-4881 - Path Traversal in parisneo/lollms

A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse be…

📅 Published: June 6, 2024, 6:17 p.m. 🔄 Last Modified: Nov. 21, 2024, 9:43 a.m.

6.8

CVSS3.1

CVE-2024-37364 -

Ariane Allegro Scenario Player through 2024-03-05, when Ariane Duo kiosk mode is used, allows physically proximate attackers to obtain sensitive information (such as hotel invoice content with PII), and potentially create unauthorized room keys, by entering a guest-search quote character and then a…

📅 Published: June 6, 2024, 6:15 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

3.5

CVSS3.1

CVE-2024-32873 - evmos allows transferring unvested tokens after delegations

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue allows a clawback vesting account to anticipate the release of unvested tokens. This vulnerability is fixed in 18.0.0.

📅 Published: June 6, 2024, 6:13 p.m. 🔄 Last Modified: Nov. 21, 2024, 9:15 a.m.

9.8

CVSS3.1

CVE-2024-2624 - Path Traversal and Arbitrary File Upload Vulnerability in parisneo/lollms-webui

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_personal_path")` endpoint in `./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py`. The vulnerability arises due to insufficient sani…

📅 Published: June 6, 2024, 6:11 p.m. 🔄 Last Modified: Nov. 21, 2024, 9:10 a.m.

8.7

CVSS3.1

CVE-2024-3110 - Stored XSS leading to admin account takeover in mintplex-labs/anything-llm

A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs before embedding them …

📅 Published: June 6, 2024, 6:11 p.m. 🔄 Last Modified: Nov. 21, 2024, 9:28 a.m.