Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2025-03-20 CVE-2024-8026 Unspecified vulnerability in Qanything
A Cross-Site Request Forgery (CSRF) vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc.
network
low complexity
qanything
8.1
8.1
2025-03-20 CVE-2024-8053 Missing Authentication for Critical Function vulnerability in Openwebui Open Webui 0.3.10
In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service.
network
low complexity
openwebui CWE-306
8.2
8.2
2025-03-20 CVE-2024-8062 Unspecified vulnerability in H2O 3.46.0
A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service.
network
low complexity
h2o
7.5
7.5
2025-03-20 CVE-2024-8063 Divide By Zero vulnerability in Ollama 0.3.3
A divide by zero vulnerability exists in ollama/ollama version v0.3.3.
network
low complexity
ollama CWE-369
7.5
7.5
2025-03-20 CVE-2024-8501 Unspecified vulnerability in Modelscope Agentscope 0.0.4
An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4.
network
low complexity
modelscope
8.8
8.8
2025-03-20 CVE-2024-8524 Unspecified vulnerability in Modelscope Agentscope 0.0.4
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4.
network
low complexity
modelscope
7.5
7.5
2025-03-20 CVE-2024-8952 Unspecified vulnerability in Composio 0.4.2
A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint.
network
low complexity
composio
7.5
7.5
2025-03-20 CVE-2024-8966 Unspecified vulnerability in Gradio Video 0.10.2
A vulnerability in the file upload process of gradio-app/gradio version @gradio/[email protected] allows for a Denial of Service (DoS) attack.
network
low complexity
gradio
7.5
7.5
2025-03-20 CVE-2024-8998 Unspecified vulnerability in Lunary
A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845.
network
low complexity
lunary
7.5
7.5
2025-03-20 CVE-2024-8999 Improper Access Control vulnerability in Lunary
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint.
network
low complexity
lunary CWE-284
7.5
7.5