CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-0452
8.2 HIGH

eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/update' endpoint. The application fails to properly filter the '\' character, …

Mar 20, 2025
CVE-2025-0330
7.5 HIGH

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability …

Mar 20, 2025
CVE-2025-0317
7.5 HIGH

A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can …

Mar 20, 2025
CVE-2025-0315
7.5 HIGH

A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. …

Mar 20, 2025
CVE-2025-0312
7.5 HIGH

A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama …

Mar 20, 2025
CVE-2025-0190
7.5 HIGH

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through …

Mar 20, 2025
CVE-2025-0189
7.5 HIGH

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, …

Mar 20, 2025
CVE-2025-0187
7.5 HIGH

A Denial of Service (DoS) vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnerability is due to improper handling of …

Mar 20, 2025
CVE-2025-0185
8.8 HIGH

A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs …

Mar 20, 2025
CVE-2025-0182
7.5 HIGH

A vulnerability in danswer-ai/danswer version 0.9.0 allows for denial of service through memory exhaustion. The issue arises from the use of a vulnerable version of …

Mar 20, 2025
CVE-2024-9920
8.8 HIGH

In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, …

Mar 20, 2025
CVE-2024-9919
8.4 HIGH

A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/{app_name} API endpoint does not call …

Mar 20, 2025
CVE-2024-9847
8.0 HIGH

FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a …

Mar 20, 2025
CVE-2024-9606
7.5 HIGH

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the …

Mar 20, 2025
CVE-2024-9597
7.1 HIGH

A Path Traversal vulnerability exists in the `/wipe_database` endpoint of parisneo/lollms version v12, allowing an attacker to delete any directory on the system. The vulnerability …

Mar 20, 2025
CVE-2024-9439
8.8 HIGH

SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update` API allows attackers to control certain parameters, which are then …

Mar 20, 2025
CVE-2024-9437
7.5 HIGH

SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such …

Mar 20, 2025
CVE-2024-9431
8.8 HIGH

In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, …

Mar 20, 2025
CVE-2024-9415
8.8 HIGH

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to …

Mar 20, 2025
CVE-2024-9363
7.5 HIGH

An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. …

Mar 20, 2025
CVE-2024-9362
7.5 HIGH

An unauthenticated directory traversal vulnerability exists in Polyaxon, affecting the latest version. This vulnerability allows an attacker to retrieve directory information and file contents from …

Mar 20, 2025
CVE-2024-9340
7.5 HIGH

A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary …

Mar 20, 2025
CVE-2024-9229
7.5 HIGH

A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters …

Mar 20, 2025
CVE-2024-9216
8.1 HIGH

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises …

Mar 20, 2025
CVE-2024-9099
8.1 HIGH

In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such …

Mar 20, 2025
CVE-2024-9096
7.1 HIGH

In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to modify checklists by sending a PATCH request. The route lacks proper access control, such …

Mar 20, 2025
CVE-2024-9056
7.5 HIGH

BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to …

Mar 20, 2025
CVE-2024-8999
7.5 HIGH

lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data …

Mar 20, 2025
CVE-2024-8998
7.5 HIGH

A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845. The server uses the regex /{.*?}/ to match user-controlled strings. In …

Mar 20, 2025
CVE-2024-8984
7.5 HIGH

A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the …

Mar 20, 2025
CVE-2024-8966
7.5 HIGH

A vulnerability in the file upload process of gradio-app/gradio version @gradio/[email protected] allows for a Denial of Service (DoS) attack. An attacker can append a large …

Mar 20, 2025
CVE-2024-8955
7.5 HIGH

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the …

Mar 20, 2025
CVE-2024-8952
7.5 HIGH

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. This vulnerability allows an attacker to read files, access …

Mar 20, 2025
CVE-2024-8859
7.5 HIGH

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol …

Mar 20, 2025
CVE-2024-8789
7.5 HIGH

Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The application allows users to upload their own regular expressions, …

Mar 20, 2025
CVE-2024-8765
7.3 HIGH

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' …

Mar 20, 2025
CVE-2024-8764
7.5 HIGH

A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute arbitrary regular expressions on the server side. This can lead to …

Mar 20, 2025
CVE-2024-8763
7.5 HIGH

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary repository, specifically in the compileTextTemplate function. The affected version is git be54057. An …

Mar 20, 2025
CVE-2024-8616
8.2 HIGH

In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the `exportModelDetails` function in `ModelsHandler.java`, …

Mar 20, 2025
CVE-2024-8613
8.8 HIGH

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of …

Mar 20, 2025
CVE-2024-8524
7.5 HIGH

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted …

Mar 20, 2025
CVE-2024-8501
8.8 HIGH

An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the …

Mar 20, 2025
CVE-2024-8489
8.8 HIGH

A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery (CSRF) due to overly permissive CORS headers. This issue …

Mar 20, 2025
CVE-2024-8438
7.5 HIGH

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` does not properly sanitize the `path` parameter, allowing an attacker to read …

Mar 20, 2025
CVE-2024-8249
7.5 HIGH

mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this …

Mar 20, 2025
CVE-2024-8248
7.2 HIGH

A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage …

Mar 20, 2025
CVE-2024-8238
8.1 HIGH

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython. This version does not protect against …

Mar 20, 2025
CVE-2024-8183
7.6 HIGH

A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to …

Mar 20, 2025
CVE-2024-8099
8.3 HIGH

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. An attacker can exploit this vulnerability …

Mar 20, 2025
CVE-2024-8065
8.1 HIGH

A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's browser. This …

Mar 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.