Vulnerabilities > Infiniflow > Ragflow

DATE CVE VULNERABILITY TITLE RISK
2025-03-20 CVE-2024-12450 Server-Side Request Forgery (SSRF) vulnerability in Infiniflow Ragflow 0.12.0
In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities.
network
low complexity
infiniflow CWE-918
critical
 9.8
9.8
2025-03-20 CVE-2024-12779 Unspecified vulnerability in Infiniflow Ragflow 0.12.0
A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0.
network
low complexity
infiniflow
7.5
7.5
2025-03-20 CVE-2024-12869 Unspecified vulnerability in Infiniflow Ragflow 0.12.0
In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list.
network
low complexity
infiniflow
4.3
4.3
2025-03-20 CVE-2024-12871 Unspecified vulnerability in Infiniflow Ragflow 0.12.0
An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base.
network
low complexity
infiniflow
5.4
5.4
2024-10-19 CVE-2024-10131 Command Injection vulnerability in Infiniflow Ragflow 0.11.0
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability.
network
low complexity
infiniflow CWE-77
8.8
8.8