6.1
CVE-2024-5478 - Cross-site Scripting (XSS) in SAML metadata endpoint in lunary-ai/lunary
A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint `/auth/saml/${org?.id}/metadata` of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the `orgId` parameter supplied by the user before incorporating it intoβ¦
7.2
CVE-2024-5186 - Server Side Request Forgery (SSRF) in imartinez/privategpt
A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information. Specifically,β¦
7.2
CVE-2024-5225 - SQL Injection in berriai/litellm
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidatβ¦
8.8
CVE-2024-0520 - Remote Code Execution due to Full Controlled File Write in mlflow/mlflow
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP β¦
3.3
CVE-2024-2213 - Improper Authentication in zenml-io/zenml
An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized accounβ¦
5.3
CVE-2024-3102 - JSON Injection in mintplex-labs/anything-llm
A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacβ¦
3.3
CVE-2024-5307 - Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must β¦
5
CVE-2024-22326 - IBM System Storage improper authentication
IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. Β IBM X-Force ID: 279518.
9.8
CVE-2024-1881 - Improper Neutralization of Special Elements used in an OS Command in significant-gravitas/autogpt
AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not includβ¦
7.8
CVE-2024-5306 - Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability
Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicβ¦