Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-20 | CVE-2024-9096 | Improper Authorization vulnerability in Lunary 1.4.28: In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to modify checklists by sending a PATCH request. | 7.1 |
2025-03-20 | CVE-2024-9099 | Exposure of Sensitive Information Through Metadata vulnerability in Lunary 1.4.29: In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. | 8.1 |
2025-03-20 | CVE-2024-9606 | Improper Output Neutralization for Logs vulnerability in Litellm: In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. | 7.5 |
2025-03-20 | CVE-2024-9920 | Unrestricted Upload of File with Dangerous Type vulnerability in Lollms web UI 12: In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. | 8.8 |
2025-03-20 | CVE-2025-0185 | Code Injection vulnerability in Dify: A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. | 8.8 |
2025-03-20 | CVE-2025-0189 | Resource Exhaustion vulnerability in Aimstack AIM 3.25.0: In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. | 7.5 |
2025-03-20 | CVE-2025-0190 | Excessive Data Query Operations in a Large Data Table vulnerability in Aimstack AIM 3.25.0: In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. | 7.5 |
2025-03-20 | CVE-2025-0312 | NULL Pointer Dereference vulnerability in Ollama: A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. | 7.5 |
2025-03-20 | CVE-2025-0313 | Improper Validation of Array Index vulnerability in Ollama: A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a GGUF model that can cause a denial of service (DoS) attack. | 7.5 |
2025-03-20 | CVE-2025-0315 | Allocation of Resources Without Limits or Throttling vulnerability in Ollama: A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. | 7.5 |