Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-7774 | Path Traversal vulnerability in Langchain 0.2.5 A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. | 9.1 |
| 2024-10-29 | CVE-2024-7783 | Cleartext Storage of Sensitive Information vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. | 7.5 |
| 2024-10-29 | CVE-2024-7807 | Allocation of Resources Without Limits or Throttling vulnerability in Gaizhenbiao Chuanhuchatgpt 20240628 A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. | 7.5 |
| 2024-10-29 | CVE-2024-7962 | Path Traversal vulnerability in Gaizhenbiao Chuanhuchatgpt 20240628 An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. | 7.5 |
| 2024-10-29 | CVE-2024-8143 | Unspecified vulnerability in Gaizhenbiao Chuanhuchatgpt 20240628 In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. | 4.3 |
| 2024-10-29 | CVE-2024-8309 | Injection vulnerability in Langchain 0.2.5 A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. | 9.8 |
| 2024-10-29 | CVE-2024-10181 | The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-10-29 | CVE-2024-49651 | Cross-site Scripting vulnerability in Mattroyal Woocommerce Maintenance Mode Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Matt Royal WooCommerce Maintenance Mode allows Reflected XSS.This issue affects WooCommerce Maintenance Mode: from n/a through 2.0.1. | 6.1 |
| 2024-10-29 | CVE-2024-49654 | Cross-site Scripting vulnerability in Marianheddesheimer Extra Privacy for Elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marian Heddesheimer Extra Privacy for Elementor allows Reflected XSS.This issue affects Extra Privacy for Elementor: from n/a through 0.1.3. | 6.1 |
| 2024-10-29 | CVE-2024-49656 | Cross-site Scripting vulnerability in Abdullahirfan Documentpress Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan DocumentPress allows Reflected XSS.This issue affects DocumentPress: from n/a through 2.1. | 6.1 |