Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-5823 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Gaizhenbiao Chuanhuchatgpt
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410.
network
low complexity
gaizhenbiao CWE-610
critical
9.1
2024-10-29 CVE-2024-5982 Path Traversal vulnerability in Gaizhenbiao Chuanhuchatgpt
A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt.
network
low complexity
gaizhenbiao CWE-22
critical
9.8
2024-10-29 CVE-2024-6581 Cross-site Scripting vulnerability in Lollms Lord of Large Language Models 9.9
A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files.
network
low complexity
lollms CWE-79
critical
9.0
2024-10-29 CVE-2024-6868 Unspecified vulnerability in Mudler Localai 2.17.1
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction.
network
low complexity
mudler
critical
9.8
2024-10-29 CVE-2024-7042 SQL Injection vulnerability in Langchain
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection.
network
low complexity
langchain CWE-89
critical
9.8
2024-10-29 CVE-2024-7475 Unspecified vulnerability in Lunary
An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization.
network
low complexity
lunary
critical
9.1
2024-10-29 CVE-2024-7774 Path Traversal vulnerability in Langchain 0.2.5
A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5.
network
low complexity
langchain CWE-22
critical
9.1
2024-10-29 CVE-2024-8309 Injection vulnerability in Langchain 0.2.5
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection.
network
low complexity
langchain CWE-74
critical
9.8
2024-10-29 CVE-2024-45656 IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP.
network
low complexity
CWE-798
critical
9.8
2024-10-28 CVE-2024-44217 Incorrect Authorization vulnerability in Apple Iphone OS
A permissions issue was addressed by removing vulnerable code and adding additional checks.
network
low complexity
apple CWE-863
critical
9.1