Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-10-29 | CVE-2024-8923 | Code Injection vulnerability in Servicenow Vancouver/Washingtondc/Xanadu | ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. | network; low complexity; servicenow CWE-94; critical; 10.0 |
| 2024-10-29 | CVE-2024-5823 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Gaizhenbiao Chuanhuchatgpt | A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. | network; low complexity; gaizhenbiao CWE-610; critical; 9.1 |
| 2024-10-29 | CVE-2024-5982 | Path Traversal vulnerability in Gaizhenbiao Chuanhuchatgpt | A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. | network; low complexity; gaizhenbiao CWE-22; critical; 9.8 |
| 2024-10-29 | CVE-2024-6581 | Cross-site Scripting vulnerability in Lollms Lord of Large Language Models 9.9 | A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. | network; low complexity; lollms CWE-79; critical; 9.0 |
| 2024-10-29 | CVE-2024-6868 | Unspecified vulnerability in Mudler Localai 2.17.1 | mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. | network; low complexity; mudler; critical; 9.8 |
| 2024-10-29 | CVE-2024-7042 | SQL Injection vulnerability in Langchain | A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. | network; low complexity; langchain CWE-89; critical; 9.8 |
| 2024-10-29 | CVE-2024-7475 | Unspecified vulnerability in Lunary | An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. | network; low complexity; lunary; critical; 9.1 |
| 2024-10-29 | CVE-2024-7774 | Path Traversal vulnerability in Langchain 0.2.5 | A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. | network; low complexity; langchain CWE-22; critical; 9.1 |
| 2024-10-29 | CVE-2024-8309 | Injection vulnerability in Langchain 0.2.5 | A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. | network; low complexity; langchain CWE-74; critical; 9.8 |
| 2024-10-29 | CVE-2024-50550 | Inadequate Encryption Strength vulnerability in Litespeedtech Litespeed Cache | Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation. This issue affects LiteSpeed Cache: from n/a through 6.5.1. | network; low complexity; litespeedtech CWE-326; critical; 9.8 |