Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-1873 | Unspecified vulnerability in Lollms web UI parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. | 9.1 |
| 2024-06-06 | CVE-2024-1881 | Unspecified vulnerability in Agpt Autogpt 0.5.0 AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. | 9.8 |
| 2024-06-06 | CVE-2024-2359 | Unspecified vulnerability in Lollms web UI 9.3 A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. | 9.8 |
| 2024-06-06 | CVE-2024-2360 | Path Traversal vulnerability in Lollms web UI parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. | 9.8 |
| 2024-06-06 | CVE-2024-2362 | Path Traversal vulnerability in Lollms web UI 9.3 A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. | 9.1 |
| 2024-06-06 | CVE-2024-2624 | Path Traversal vulnerability in Lollms web UI A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_personal_path")` endpoint in `./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py`. | 9.8 |
| 2024-06-06 | CVE-2024-36736 | Incorrect Calculation vulnerability in Oneflow 0.9.1 An issue in the oneflow.permute component of OneFlow-Inc. | 9.8 |
| 2024-06-06 | CVE-2024-3033 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. | 9.4 |
| 2024-06-06 | CVE-2024-3104 | Unspecified vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. | 9.8 |
| 2024-06-06 | CVE-2024-5452 | Improper Control of Dynamically-Managed Code Resources vulnerability in Lightningai Pytorch Lightning A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. | 9.8 |