Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-7473 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary 1.3.2 An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. | 6.5 |
| 2024-10-29 | CVE-2024-7474 | Unspecified vulnerability in Lunary In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. | 8.1 |
| 2024-10-29 | CVE-2024-7475 | Unspecified vulnerability in Lunary An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. | 9.1 |
| 2024-10-29 | CVE-2024-7774 | Path Traversal vulnerability in Langchain 0.2.5 A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. | 9.1 |
| 2024-10-29 | CVE-2024-7783 | Cleartext Storage of Sensitive Information vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. | 7.5 |
| 2024-10-29 | CVE-2024-7807 | Allocation of Resources Without Limits or Throttling vulnerability in Gaizhenbiao Chuanhuchatgpt 20240628 A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. | 7.5 |
| 2024-10-29 | CVE-2024-7962 | Path Traversal vulnerability in Gaizhenbiao Chuanhuchatgpt 20240628 An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. | 7.5 |
| 2024-10-29 | CVE-2024-8143 | Unspecified vulnerability in Gaizhenbiao Chuanhuchatgpt 20240628 In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. | 4.3 |
| 2024-10-29 | CVE-2024-8309 | Injection vulnerability in Langchain 0.2.5 A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. | 9.8 |
| 2024-10-29 | CVE-2024-10181 | The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |