Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-22 | CVE-2024-23751 | SQL Injection vulnerability in Llamaindex. LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. | 9.8 |
2024-01-22 | CVE-2024-23752 | Missing Authorization vulnerability in Gabrieleventuri Pandasai. GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. | 9.8 |
2024-01-21 | CVE-2024-23730 | Unspecified vulnerability in Llamahub. The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML. | 9.8 |
2024-01-21 | CVE-2024-23731 | Argument Injection or Modification vulnerability in Embedchain. The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument. | 9.8 |
2024-01-21 | CVE-2024-0769 | Unspecified vulnerability in Dlink Dir-859 Firmware 1.06. ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. | 9.8 |
2024-01-20 | CVE-2023-51906 | Unspecified vulnerability in Yonyou Yonbip 323.05. An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component. | 9.8 |
2024-01-20 | CVE-2023-51924 | Unrestricted Upload of File with Dangerous Type vulnerability in Yonyou Yonbip 323.05. An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 |
2024-01-20 | CVE-2023-51925 | Unrestricted Upload of File with Dangerous Type vulnerability in Yonyou Yonbip 323.05. An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 |
2024-01-20 | CVE-2021-31314 | Unrestricted Upload of File with Dangerous Type vulnerability in Ejinshan Terminal Security System 8.0. File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server. | 9.8 |
2024-01-20 | CVE-2023-51892 | Unspecified vulnerability in Weaver E-Cology 10.0.2310.01. An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component. | 9.8 |