Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-6674 | Origin Validation Error vulnerability in Lollms web UI A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. | 7.1 |
| 2024-10-29 | CVE-2024-6868 | Unspecified vulnerability in Mudler Localai 2.17.1 mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. | 9.8 |
| 2024-10-29 | CVE-2024-7010 | Information Exposure Through Discrepancy vulnerability in Mudler Localai 2.17.1 mudler/localai version 2.17.1 is vulnerable to a Timing Attack. | 5.9 |
| 2024-10-29 | CVE-2024-7042 | SQL Injection vulnerability in Langchain A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. | 9.8 |
| 2024-10-29 | CVE-2024-7472 | Injection vulnerability in Lunary 1.2.26 lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API (/v1/users/send-verification) and Sign up API (/auth/signup). | 6.5 |
| 2024-10-29 | CVE-2024-7473 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary 1.3.2 An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. | 6.5 |
| 2024-10-29 | CVE-2024-7474 | Unspecified vulnerability in Lunary In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. | 8.1 |
| 2024-10-29 | CVE-2024-7475 | Unspecified vulnerability in Lunary An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. | 9.1 |
| 2024-10-29 | CVE-2024-7774 | Path Traversal vulnerability in Langchain 0.2.5 A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. | 9.1 |
| 2024-10-29 | CVE-2024-7783 | Cleartext Storage of Sensitive Information vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. | 7.5 |