CVE Database

37700+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-12389
8.8 HIGH

A path traversal vulnerability exists in binary-husky/gpt_academic version git 310122f. The application supports the extraction of user-provided 7z files without proper validation. The Python py7zr …

Mar 20, 2025
CVE-2024-12376
7.5 HIGH

A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker …

Mar 20, 2025
CVE-2024-12216
7.1 HIGH

A vulnerability in the `ImageClassificationDataset.from_csv()` API of the `dmlc/gluon-cv` repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts `tar.gz` files from …

Mar 20, 2025
CVE-2024-12215
8.8 HIGH

In kedro-org/kedro version 0.19.8, the `pull_package()` API function allows users to download and extract micro packages from the Internet. However, the function `project_wheel_metadata()` within the …

Mar 20, 2025
CVE-2024-12070
7.5 HIGH

A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). The vulnerability is due to improper …

Mar 20, 2025
CVE-2024-12068
7.5 HIGH

A Server-Side Request Forgery (SSRF) vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP …

Mar 20, 2025
CVE-2024-12065
7.5 HIGH

A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending …

Mar 20, 2025
CVE-2024-12063
7.5 HIGH

A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data …

Mar 20, 2025
CVE-2024-12055
7.5 HIGH

A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama …

Mar 20, 2025
CVE-2024-12048
8.8 HIGH

An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers …

Mar 20, 2025
CVE-2024-12039
8.1 HIGH

langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess attempts for password reset. This allows an …

Mar 20, 2025
CVE-2024-11824
7.6 HIGH

A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. The vulnerability arises because certain HTML tags like …

Mar 20, 2025
CVE-2024-11822
7.5 HIGH

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. The vulnerability exists due to improper handling of the api_endpoint parameter, allowing an attacker to …

Mar 20, 2025
CVE-2024-11603
7.5 HIGH

A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the `/queue/join?` endpoint, where insufficient validation of the path …

Mar 20, 2025
CVE-2024-11602
7.4 HIGH

A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only …

Mar 20, 2025
CVE-2024-11449
7.5 HIGH

A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the /run/predict endpoint. An attacker can gain unauthorized access to internal …

Mar 20, 2025
CVE-2024-11302
8.0 HIGH

A missing check_access() function in the lollms_binding_infos module of the parisneo/lollms repository, version V14, allows attackers to add, modify, and remove bindings arbitrarily. This vulnerability …

Mar 20, 2025
CVE-2024-11172
7.5 HIGH

A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by sending a crafted payload to the server. …

Mar 20, 2025
CVE-2024-11171
7.5 HIGH

In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability. The application uses multer middleware for handling multipart file uploads. When using in-memory …

Mar 20, 2025
CVE-2024-11170
8.8 HIGH

A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead …

Mar 20, 2025
CVE-2024-11169
7.5 HIGH

An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling …

Mar 20, 2025
CVE-2024-11137
7.5 HIGH

An Insecure Direct Object Reference (IDOR) vulnerability exists in the `PATCH /v1/runs/:id/score` endpoint of lunary-ai/lunary version 1.6.0. This vulnerability allows an attacker to update the …

Mar 20, 2025
CVE-2024-11043
7.5 HIGH

A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/{board_id} endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is …

Mar 20, 2025
CVE-2024-11039
8.8 HIGH

A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gpt_academic versions up to and including 3.83. This vulnerability allows attackers …

Mar 20, 2025
CVE-2024-11031
7.5 HIGH

In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. This vulnerability is exploited through the HotReload(Markdown翻译中) plugin function, …

Mar 20, 2025
CVE-2024-11030
7.5 HIGH

GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything() API without proper …

Mar 20, 2025
CVE-2024-10986
8.8 HIGH

GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files …

Mar 20, 2025
CVE-2024-10956
7.1 HIGH

GPT Academy version 3.83 in the binary-husky/gpt_academic repository is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). This vulnerability allows an attacker to hijack an existing WebSocket …

Mar 20, 2025
CVE-2024-10954
8.8 HIGH

In the `manim` plugin of binary-husky/gpt_academic, versions prior to the fix, a vulnerability exists due to improper handling of user-provided prompts. The root cause is …

Mar 20, 2025
CVE-2024-10950
8.8 HIGH

In binary-husky/gpt_academic version <= 3.83, the plugin `CodeInterpreter` is vulnerable to code injection caused by prompt injection. The root cause is the execution of user-provided …

Mar 20, 2025
CVE-2024-10935
7.5 HIGH

automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be …

Mar 20, 2025
CVE-2024-10912
7.5 HIGH

A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data …

Mar 20, 2025
CVE-2024-10907
7.5 HIGH

In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending …

Mar 20, 2025
CVE-2024-10906
8.1 HIGH

In version 0.6.0 of eosphoros-ai/db-gpt, the `uvicorn` app created by `dbgpt_server` uses an overly permissive instance of `CORSMiddleware` which sets the `Access-Control-Allow-Origin` to `*` for …

Mar 20, 2025
CVE-2024-10830
8.2 HIGH

A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint `/v1/resource/file/delete`. This vulnerability allows an attacker to delete any file on …

Mar 20, 2025
CVE-2024-10829
7.5 HIGH

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The …

Mar 20, 2025
CVE-2024-10821
7.5 HIGH

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server (version v5.0.1) allows unauthenticated attackers to cause excessive …

Mar 20, 2025
CVE-2024-10819
8.8 HIGH

A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting …

Mar 20, 2025
CVE-2024-10762
8.1 HIGH

In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks …

Mar 20, 2025
CVE-2024-10718
7.5 HIGH

In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those …

Mar 20, 2025
CVE-2024-10714
7.5 HIGH

A vulnerability in binary-husky/gpt_academic version 3.83 allows an attacker to cause a Denial of Service (DoS) by adding excessive characters to the end of a …

Mar 20, 2025
CVE-2024-10713
7.5 HIGH

A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Service (DoS) attack. The server fails to handle excessive characters appended to the end of …

Mar 20, 2025
CVE-2024-10650
7.5 HIGH

An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart …

Mar 20, 2025
CVE-2024-10648
8.2 HIGH

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the …

Mar 20, 2025
CVE-2024-10624
7.5 HIGH

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The …

Mar 20, 2025
CVE-2024-10572
7.5 HIGH

In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. This includes the `XGBoostLibExtractTool` class, which can be …

Mar 20, 2025
CVE-2024-10569
7.5 HIGH

A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, …

Mar 20, 2025
CVE-2024-10550
7.5 HIGH

A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression …

Mar 20, 2025
CVE-2024-10549
7.5 HIGH

A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to …

Mar 20, 2025
CVE-2024-10513
7.2 HIGH

A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with …

Mar 20, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.