VYPR

CVEs

100,082 total · page 673 of 2,002

  • CVE-2024-4881HigJun 6, 2024
    risk 0.42cvss 7.5epss 0.01

    A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing…

  • CVE-2024-4851HigJun 6, 2024
    risk 0.50cvss 7.7epss 0.01

    A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP…

  • CVE-2024-3150HigJun 6, 2024
    risk 0.00cvss 8.8epss 0.01

    In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint…

  • CVE-2024-3149HigJun 6, 2024
    risk 0.00cvss 8.8epss 0.01

    A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can…

  • CVE-2024-3110HigJun 6, 2024
    risk 0.00cvss 8.7epss 0.01

    A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs…

  • CVE-2024-3095HigJun 6, 2024
    risk 0.43cvss 7.7epss 0.01

    A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach…

  • CVE-2024-37153HigJun 6, 2024
    risk 0.42cvss 7.5epss 0.01

    Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the…

  • CVE-2024-36740HigJun 6, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size.

  • CVE-2024-36734HigJun 6, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter.

  • CVE-2024-36732HigJun 6, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot.

  • CVE-2024-36730HigJun 6, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter.

  • CVE-2024-30373HigJun 6, 2024
    risk 0.51cvss 7.8epss 0.01

    Kofax Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the…

  • CVE-2024-2928HigJun 6, 2024
    risk 0.43cvss 7.5epss 0.22

    A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as…

  • CVE-2024-2548HigJun 6, 2024
    risk 0.00cvss 7.5epss 0.01

    A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/security.py` files. Due to inadequate validation of file paths between Windows and…

  • CVE-2024-2288HigJun 6, 2024
    risk 0.00cvss 8.3epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile…

  • CVE-2024-1880HigJun 6, 2024
    risk 0.00cvss 7.8epss 0.01

    An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the…

  • CVE-2024-0520HigJun 6, 2024
    risk 0.50cvss 8.8epss 0.02

    A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a…

  • CVE-2023-45192HigJun 6, 2024
    risk 0.53cvss 8.2epss 0.01

    IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM…

  • CVE-2024-5509HigJun 6, 2024
    risk 0.51cvss 7.8epss 0.01

    Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in…

  • CVE-2024-5508HigJun 6, 2024
    risk 0.51cvss 7.8epss 0.01

    Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in…

  • CVE-2024-5507HigJun 6, 2024
    risk 0.51cvss 7.8epss 0.01

    Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this…

  • CVE-2024-5506HigJun 6, 2024
    risk 0.51cvss 7.8epss 0.01

    Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in…

  • CVE-2024-5505HigJun 6, 2024
    risk 0.61cvss 8.8epss 0.47

    NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is…

  • CVE-2024-5303HigJun 6, 2024
    risk 0.51cvss 7.8epss 0.01

    Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the…

  • CVE-2024-5302HigJun 6, 2024
    risk 0.51cvss 7.8epss 0.01

    Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the…

  • CVE-2024-5301HigJun 6, 2024
    risk 0.51cvss 7.8epss 0.01

    Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that…

  • CVE-2024-5277HigJun 6, 2024
    risk 0.49cvss 7.5epss 0.00

    In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. This allows an attacker who compromises the recovery token to repeatedly change the password of a victim's account. The issue…

  • CVE-2024-5269HigJun 6, 2024
    risk 0.57cvss 8.8epss 0.01

    Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this…

  • CVE-2024-5267HigJun 6, 2024
    risk 0.57cvss 8.8epss 0.01

    Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this…

  • CVE-2024-4941HigJun 6, 2024
    risk 0.42cvss 7.5epss 0.01

    A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the `postprocess()` function within `gradio/components/json_component.py`, where a user-controlled string is parsed as…

  • CVE-2024-4889HigJun 6, 2024
    risk 0.47cvss 7.2epss 0.01

    A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable.…

  • CVE-2024-4325HigJun 6, 2024
    risk 0.52cvss 8.6epss 0.37

    A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the `/queue/join` endpoint and the `save_url_to_cache` function. The vulnerability arises when the `path` value, obtained from the user and expected to be a…

  • CVE-2024-3152HigJun 6, 2024
    risk 0.00cvss 8.8epss 0.01

    mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the…

  • CVE-2024-36745HigJun 6, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select parameter.

  • CVE-2024-36743HigJun 6, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot.

  • CVE-2024-36737HigJun 6, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter.

  • CVE-2024-30375HigJun 6, 2024
    risk 0.51cvss 7.8epss 0.00

    Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that…

  • CVE-2024-30374HigJun 6, 2024
    risk 0.51cvss 7.8epss 0.01

    Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in…

  • CVE-2024-30369HigJun 6, 2024
    risk 0.51cvss 7.8epss 0.00

    A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on…

  • CVE-2024-30368HigJun 6, 2024
    risk 0.57cvss 8.8epss 0.03

    A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw…

  • CVE-2024-2914HigJun 6, 2024
    risk 0.00cvss 8.8epss 0.01

    A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this…

  • CVE-2024-1879HigJun 6, 2024
    risk 0.00cvss 8.8epss 0.01

    A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an…

  • CVE-2024-36742HigJun 6, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape.

  • CVE-2024-33655HigJun 6, 2024
    risk 0.42cvss 7.5epss 0.02

    The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification…

  • CVE-2024-37150HigJun 6, 2024
    risk 0.00cvss 7.6epss 0.00

    An issue in `.npmrc` support in Deno 1.44.0 was discovered where Deno would send `.npmrc` credentials for the scope to the tarball URL when the registry provided URLs for a tarball on a different domain. All users relying on .npmrc are potentially affected by this vulnerability…

  • CVE-2024-36399HigJun 6, 2024
    risk 0.00cvss 8.2epss 0.00

    Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is…

  • CVE-2024-35178HigJun 6, 2024
    risk 0.42cvss 7.5epss 0.01

    The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain…

  • CVE-2024-5329HigJun 6, 2024
    risk 0.57cvss 8.8epss 0.01

    The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the ‘data[addonID]’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and…

  • CVE-2024-28995HigKEVJun 6, 2024
    risk 0.79cvss 8.6epss 1.00

    SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.

  • CVE-2024-4177HigJun 6, 2024
    risk 0.53cvss 8.1epss 0.00

    A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise.