Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-21 | CVE-2025-26336 | Stack-based Buffer Overflow vulnerability in Dell products: Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, versions prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX, versions prior to 3.41.200.202209300499, contain a Stack-based Buffer Overflow vulnerability. | 9.8 |
2025-03-21 | CVE-2025-29814 | Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. | 9.3 |
2025-03-20 | CVE-2024-12450 | Server-Side Request Forgery (SSRF) vulnerability in Infiniflow Ragflow 0.12.0: In infiniflow/ragflow version 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. | 9.8 |
2025-03-20 | CVE-2024-4990 | Unspecified vulnerability in Yiiframework YII 2.0.48: In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. | 9.1 |
2025-03-20 | CVE-2024-7053 | Unspecified vulnerability in Openwebui Open Webui 0.3.8: A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. | 9.0 |
2025-03-20 | CVE-2024-7773 | Unspecified vulnerability in Ollama 0.1.37: A vulnerability in ollama/ollama version 0.1.37 allows for remote code execution (RCE) due to improper input validation in the handling of zip files. | 9.8 |
2025-03-20 | CVE-2024-7776 | Unspecified vulnerability in Onnx: A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. | 9.1 |
2025-03-20 | CVE-2024-8156 | Unspecified vulnerability in Agpt Autogpt: A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. | 9.8 |
2025-03-20 | CVE-2024-8487 | Unspecified vulnerability in Modelscope Agentscope 0.0.4: A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. | 9.8 |
2025-03-20 | CVE-2024-8769 | Path Traversal vulnerability in Aimstack AIM: A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. | 9.1 |