Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-29 | CVE-2024-5823 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Gaizhenbiao Chuanhuchatgpt: A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. | 9.1 |
2024-10-29 | CVE-2024-5982 | Path Traversal vulnerability in Gaizhenbiao Chuanhuchatgpt: A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. | 9.8 |
2024-10-29 | CVE-2024-6581 | Cross-site Scripting vulnerability in Lollms Lord of Large Language Models 9.9: A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. | 9.0 |
2024-10-29 | CVE-2024-6868 | Unspecified vulnerability in Mudler Localai 2.17.1: mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. | 9.8 |
2024-10-29 | CVE-2024-7042 | SQL Injection vulnerability in Langchain: A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. | 9.8 |
2024-10-29 | CVE-2024-7475 | Unspecified vulnerability in Lunary: An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. | 9.1 |
2024-10-29 | CVE-2024-7774 | Path Traversal vulnerability in Langchain 0.2.5: A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. | 9.1 |
2024-10-29 | CVE-2024-8309 | Injection vulnerability in Langchain 0.2.5: A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. | 9.8 |
2024-10-29 | CVE-2024-45656 | IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP. | 9.8 |
2024-10-28 | CVE-2024-40867 | Unspecified vulnerability in Apple Ipados: A custom URL scheme handling issue was addressed with improved input validation. | 9.6 |