Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-29 | CVE-2024-51181 | Cross-site Scripting vulnerability in PHPgurukul Ifsc Code Finder 1.0: A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via "searchifsccode" parameter. | 6.1 |
2024-10-29 | CVE-2024-5823 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Gaizhenbiao Chuanhuchatgpt: A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. | 9.1 |
2024-10-29 | CVE-2024-5982 | Path Traversal vulnerability in Gaizhenbiao Chuanhuchatgpt: A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. | 9.8 |
2024-10-29 | CVE-2024-6581 | Cross-site Scripting vulnerability in Lollms Lord of Large Language Models 9.9: A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. | 9.0 |
2024-10-29 | CVE-2024-6673 | Cross-Site Request Forgery (CSRF) vulnerability in Lollms web UI: A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. | 6.5 |
2024-10-29 | CVE-2024-6674 | Origin Validation Error vulnerability in Lollms web UI: A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. | 7.1 |
2024-10-29 | CVE-2024-6868 | Unspecified vulnerability in Mudler Localai 2.17.1: mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. | 9.8 |
2024-10-29 | CVE-2024-7010 | Information Exposure Through Discrepancy vulnerability in Mudler Localai 2.17.1: mudler/localai version 2.17.1 is vulnerable to a Timing Attack. | 5.9 |
2024-10-29 | CVE-2024-7042 | SQL Injection vulnerability in Langchain: A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. | 9.8 |
2024-10-29 | CVE-2024-7472 | Injection vulnerability in Lunary 1.2.26: lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API (/v1/users/send-verification) and Sign up API (/auth/signup). | 6.5 |