VYPR
Vendor

Onyx Dot App

Products
1
CVEs
9
Across products
9
Status
Private

Products

1

Recent CVEs

9
  • CVE-2024-32881CriApr 26, 2024
    risk 0.57cvss 9.8epss 0.01

    Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot,…

  • CVE-2025-7894MedJul 20, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generate_simple_sql of the file backend/onyx/agents/agent_search/kb_search/nodes/a3_generate_simple_sql.py of the component Chat Interface. The manipulation…

  • CVE-2026-42277MedMay 8, 2026
    risk 0.35cvss 6.5epss 0.00

    Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never…

  • CVE-2026-42276MedMay 8, 2026
    risk 0.21cvss 4.3epss 0.00

    Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/{chat_session_id} endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session…

  • CVE-2024-0113Aug 9, 2024
    risk 0.00cvss epss 0.01

    NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information…

  • CVE-2024-0104Aug 8, 2024
    risk 0.00cvss epss 0.00

    NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.

  • CVE-2024-0101Aug 8, 2024
    risk 0.00cvss epss 0.01

    NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service.

  • CVE-2023-43784Sep 22, 2023
    risk 0.00cvss epss 0.00

    Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat.

  • CVE-2020-11584Aug 3, 2020
    risk 0.00cvss epss 0.01

    A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.