Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-06 | CVE-2024-3033 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0. An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. | 9.4 |
2024-06-06 | CVE-2024-3104 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0. A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. | 9.8 |
2024-06-06 | CVE-2024-5452 | Improper Control of Dynamically-Managed Code Resources vulnerability in Lightningai Pytorch Lightning. A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. | 9.8 |
2024-06-06 | CVE-2024-5482 | Unspecified vulnerability in Lollms web UI. A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. | 9.8 |
2024-06-06 | CVE-2024-34832 | Path Traversal vulnerability in Cubecart. Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters. | 9.8 |
2024-06-06 | CVE-2024-36779 | SQL Injection vulnerability in Stock Management System Project Stock Management System 1.0. Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php. | 9.8 |
2024-06-06 | CVE-2024-5675 | Unspecified vulnerability in Summar Mentor 3.83.35. Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. | 9.8 |
2024-06-06 | CVE-2024-36393 | Unspecified vulnerability in Sysaid. SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 9.8 |
2024-06-06 | CVE-2024-36394 | Unspecified vulnerability in Sysaid. SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 9.8 |
2024-06-06 | CVE-2024-4177 | Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Gravityzone. A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. | 9.8 |