Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
141dcad7 by security tracker role at 2025-03-20T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,747 @@
+CVE-2025-30160 (Redlib is an alternative private front-end to Reddit. A 
vulnerability  ...)
+       TODO: check
+CVE-2025-2565 (The data exposure vulnerability in Liferay Portal 7.4.0 through 
7.4.3. ...)
+       TODO: check
+CVE-2025-2557 (A vulnerability, which was classified as critical, has been 
found in A ...)
+       TODO: check
+CVE-2025-2556 (A vulnerability classified as problematic was found in Audi UTR 
Dashca ...)
+       TODO: check
+CVE-2025-2555 (A vulnerability classified as problematic has been found in 
Audi Unive ...)
+       TODO: check
+CVE-2025-2553 (A vulnerability was found in D-Link DIR-618 and DIR-605L 
2.02/3.02. It ...)
+       TODO: check
+CVE-2025-2552 (A vulnerability was found in D-Link DIR-618 and DIR-605L 
2.02/3.02. It ...)
+       TODO: check
+CVE-2025-2551 (A vulnerability was found in D-Link DIR-618 and DIR-605L 
2.02/3.02. It ...)
+       TODO: check
+CVE-2025-2550 (A vulnerability was found in D-Link DIR-618 and DIR-605L 
2.02/3.02 and ...)
+       TODO: check
+CVE-2025-2549 (A vulnerability has been found in D-Link DIR-618 and DIR-605L 
2.02/3.0 ...)
+       TODO: check
+CVE-2025-2548 (A vulnerability, which was classified as problematic, was found 
in D-L ...)
+       TODO: check
+CVE-2025-2547 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-2546 (A vulnerability classified as problematic was found in D-Link 
DIR-618  ...)
+       TODO: check
+CVE-2025-2539 (The File Away plugin for WordPress is vulnerable to 
unauthorized acces ...)
+       TODO: check
+CVE-2025-2480 (Santesoft Sante DICOM Viewer Pro is vulnerable to an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2025-2311 (Incorrect Use of Privileged APIs, Cleartext Transmission of 
Sensitive  ...)
+       TODO: check
+CVE-2025-29980 (A SQL injection issue has been discovered in eTRAKiT.net 
release 3.2.1 ...)
+       TODO: check
+CVE-2025-29923 (go-redis is the official Redis client library for the Go 
programming l ...)
+       TODO: check
+CVE-2025-29922 (kcp is a Kubernetes-like control plane for form-factors and 
use-cases  ...)
+       TODO: check
+CVE-2025-29914 (OWASP Coraza WAF is a golang modsecurity compatible web 
application fi ...)
+       TODO: check
+CVE-2025-29412 (A cross-site scripting (XSS) vulnerability in the Client 
Profile Updat ...)
+       TODO: check
+CVE-2025-29411 (An arbitrary file upload vulnerability in the Client Profile 
Update se ...)
+       TODO: check
+CVE-2025-29410 (A cross-site scripting (XSS) vulnerability in the component 
/contact.p ...)
+       TODO: check
+CVE-2025-29218 (Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2025-29217 (Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2025-29215 (Tenda AX12 v22.03.01.46_CN was discovered to contain a stack 
overflow  ...)
+       TODO: check
+CVE-2025-29214 (Tenda AX12 v22.03.01.46_CN was discovered to contain a stack 
overflow  ...)
+       TODO: check
+CVE-2025-29149 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer 
overflow  ...)
+       TODO: check
+CVE-2025-29121 (A vulnerability was found in Tenda AC6 V15.03.05.16. The 
vulnerability ...)
+       TODO: check
+CVE-2025-29101 (Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack 
overflow  ...)
+       TODO: check
+CVE-2025-26853 (DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a 
broken au ...)
+       TODO: check
+CVE-2025-26852 (DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows 
SQL Inje ...)
+       TODO: check
+CVE-2025-23120 (A vulnerability allowing remote code execution (RCE) for 
domain users.)
+       TODO: check
+CVE-2025-1802 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
+       TODO: check
+CVE-2025-1796 (A vulnerability in langgenius/dify v0.10.1 allows an attacker 
to take  ...)
+       TODO: check
+CVE-2025-1496 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2025-1474 (In mlflow/mlflow version 2.18, an admin is able to create a new 
user a ...)
+       TODO: check
+CVE-2025-1473 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
Signup ...)
+       TODO: check
+CVE-2025-1451 (A vulnerability in parisneo/lollms-webui v13 arises from the 
server's  ...)
+       TODO: check
+CVE-2025-1040 (AutoGPT versions 0.3.4 and earlier are vulnerable to a 
Server-Side Tem ...)
+       TODO: check
+CVE-2025-0655 (A vulnerability in man-group/dtale versions 3.15.1 allows an 
attacker  ...)
+       TODO: check
+CVE-2025-0628 (An improper authorization vulnerability exists in the 
main-latest vers ...)
+       TODO: check
+CVE-2025-0508 (A vulnerability in the SageMaker Workflow component of 
aws/sagemaker-p ...)
+       TODO: check
+CVE-2025-0454 (A Server-Side Request Forgery (SSRF) vulnerability was 
identified in t ...)
+       TODO: check
+CVE-2025-0453 (In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is 
vulnerable ...)
+       TODO: check
+CVE-2025-0452 (eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary 
file del ...)
+       TODO: check
+CVE-2025-0330 (In berriai/litellm version v1.52.1, an issue in proxy_server.py 
causes ...)
+       TODO: check
+CVE-2025-0317 (A vulnerability in ollama/ollama versions <=0.3.14 allows a 
malicious  ...)
+       TODO: check
+CVE-2025-0315 (A vulnerability in ollama/ollama <=0.3.14 allows a malicious 
user to c ...)
+       TODO: check
+CVE-2025-0313 (A vulnerability in ollama/ollama versions <=0.3.14 allows a 
malicious  ...)
+       TODO: check
+CVE-2025-0312 (A vulnerability in ollama/ollama versions <=0.3.14 allows a 
malicious  ...)
+       TODO: check
+CVE-2025-0281 (A stored cross-site scripting (XSS) vulnerability exists in 
lunary-ai/ ...)
+       TODO: check
+CVE-2025-0254 (HCL Digital Experience components Ring API and dxclient may be 
vulnera ...)
+       TODO: check
+CVE-2025-0192 (A stored Cross-site Scripting (XSS) vulnerability exists in the 
latest ...)
+       TODO: check
+CVE-2025-0191 (A Denial of Service (DoS) vulnerability exists in the file 
upload feat ...)
+       TODO: check
+CVE-2025-0190 (In version 3.25.0 of aimhubio/aim, a denial of service 
vulnerability e ...)
+       TODO: check
+CVE-2025-0189 (In version 3.25.0 of aimhubio/aim, the tracking server is 
vulnerable t ...)
+       TODO: check
+CVE-2025-0188 (A Server-Side Request Forgery (SSRF) vulnerability was 
discovered in g ...)
+       TODO: check
+CVE-2025-0187 (A Denial of Service (DoS) vulnerability was discovered in the 
file upl ...)
+       TODO: check
+CVE-2025-0185 (A vulnerability in the Dify Tools' Vanna module of the 
langgenius/dify ...)
+       TODO: check
+CVE-2025-0184 (A Server-Side Request Forgery (SSRF) vulnerability was 
identified in l ...)
+       TODO: check
+CVE-2025-0183 (A stored cross-site scripting (XSS) vulnerability exists in the 
Latex  ...)
+       TODO: check
+CVE-2025-0182 (A vulnerability in danswer-ai/danswer version 0.9.0 allows for 
denial  ...)
+       TODO: check
+CVE-2024-9920 (In version v12 of parisneo/lollms-webui, the 'Send file to AL' 
functio ...)
+       TODO: check
+CVE-2024-9919 (A missing authentication check in the uninstall endpoint of 
parisneo/l ...)
+       TODO: check
+CVE-2024-9901 (LocalAI version v2.19.4 
(af0545834fd565ab56af0b9348550ca9c3cb5349) con ...)
+       TODO: check
+CVE-2024-9900 (mudler/localai version v2.21.1 contains a Cross-Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2024-9880 (A command injection vulnerability exists in the 
`pandas.DataFrame.quer ...)
+       TODO: check
+CVE-2024-9847 (FlatPress CMS version latest is vulnerable to Cross-Site 
Request Forge ...)
+       TODO: check
+CVE-2024-9840 (A Denial of Service (DoS) vulnerability exists in 
open-webui/open-webu ...)
+       TODO: check
+CVE-2024-9701 (A Remote Code Execution (RCE) vulnerability has been identified 
in the ...)
+       TODO: check
+CVE-2024-9699 (A vulnerability in the file upload functionality of the 
FlatPress CMS  ...)
+       TODO: check
+CVE-2024-9617 (An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an 
attacker ...)
+       TODO: check
+CVE-2024-9612 (In danswer-ai/danswer v0.3.94, administrators can set the 
visibility o ...)
+       TODO: check
+CVE-2024-9606 (In berriai/litellm before version 1.44.12, the 
`litellm/litellm_core_u ...)
+       TODO: check
+CVE-2024-9597 (A Path Traversal vulnerability exists in the `/wipe_database` 
endpoint ...)
+       TODO: check
+CVE-2024-9447 (An information disclosure vulnerability exists in the latest 
version o ...)
+       TODO: check
+CVE-2024-9439 (SuperAGI is vulnerable to remote code execution in the latest 
version. ...)
+       TODO: check
+CVE-2024-9437 (SuperAGI version v0.0.14 is vulnerable to an unauthenticated 
Denial of ...)
+       TODO: check
+CVE-2024-9431 (In version v0.0.14 of transformeroptimus/superagi, there is an 
imprope ...)
+       TODO: check
+CVE-2024-9418 (In version 0.0.14 of transformeroptimus/superagi, the API 
endpoint `/a ...)
+       TODO: check
+CVE-2024-9415 (A Path Traversal vulnerability exists in the file upload 
functionality ...)
+       TODO: check
+CVE-2024-9365 (A Cross-Site Request Forgery (CSRF) vulnerability in 
polyaxon/polyaxon ...)
+       TODO: check
+CVE-2024-9363 (An unauthorized file deletion vulnerability exists in the 
latest versi ...)
+       TODO: check
+CVE-2024-9362 (An unauthenticated directory traversal vulnerability exists in 
Polyaxo ...)
+       TODO: check
+CVE-2024-9340 (A Denial of Service (DoS) vulnerability in zenml-io/zenml 
version 0.66 ...)
+       TODO: check
+CVE-2024-9311 (A Cross-Site Request Forgery (CSRF) vulnerability in 
haotian-liu/llava ...)
+       TODO: check
+CVE-2024-9309 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the POST  ...)
+       TODO: check
+CVE-2024-9308 (An open redirect vulnerability in haotian-liu/llava version 
v1.2.0 (LL ...)
+       TODO: check
+CVE-2024-9229 (A Denial of Service (DoS) vulnerability in the file upload 
feature of  ...)
+       TODO: check
+CVE-2024-9216 (An authentication bypass vulnerability exists in 
gaizhenbiao/ChuanhuCh ...)
+       TODO: check
+CVE-2024-9159 (An incorrect authorization vulnerability exists in 
gaizhenbiao/chuanhu ...)
+       TODO: check
+CVE-2024-9107 (A stored cross-site scripting (XSS) vulnerability exists in the 
gaizhe ...)
+       TODO: check
+CVE-2024-9099 (In lunary-ai/lunary version v1.4.29, the GET /projects API 
endpoint ex ...)
+       TODO: check
+CVE-2024-9098 (In lunary-ai/lunary before version 1.4.30, a privilege 
escalation vuln ...)
+       TODO: check
+CVE-2024-9096 (In lunary-ai/lunary version 1.4.28, the /checklists/:id route 
allows l ...)
+       TODO: check
+CVE-2024-9095 (In lunary-ai/lunary version v1.4.28, the /bigquery API route 
lacks pro ...)
+       TODO: check
+CVE-2024-9070 (A deserialization vulnerability exists in BentoML's runner 
server in b ...)
+       TODO: check
+CVE-2024-9056 (BentoML version v1.3.4post1 is vulnerable to a Denial of 
Service (DoS) ...)
+       TODO: check
+CVE-2024-9053 (vllm-project vllm version 0.6.0 contains a vulnerability in the 
AsyncE ...)
+       TODO: check
+CVE-2024-9052 (vllm-project vllm version 0.6.0 contains a vulnerability in the 
distri ...)
+       TODO: check
+CVE-2024-9016 (man-group dtale version <= 3.13.1 contains a vulnerability 
where the q ...)
+       TODO: check
+CVE-2024-9000 (In lunary-ai/lunary before version 1.4.26, the 
checklists.post() endpo ...)
+       TODO: check
+CVE-2024-8999 (lunary-ai/lunary version v1.4.25 contains an improper access 
control v ...)
+       TODO: check
+CVE-2024-8998 (A Regular Expression Denial of Service (ReDoS) vulnerability 
exists in ...)
+       TODO: check
+CVE-2024-8984 (A Denial of Service (DoS) vulnerability exists in 
berriai/litellm vers ...)
+       TODO: check
+CVE-2024-8982 (A Local File Inclusion (LFI) vulnerability in OpenLLM version 
0.6.10 a ...)
+       TODO: check
+CVE-2024-8966 (A vulnerability in the file upload process of gradio-app/gradio 
versio ...)
+       TODO: check
+CVE-2024-8958 (In composiohq/composio version 0.4.3, there is an unrestricted 
file wr ...)
+       TODO: check
+CVE-2024-8955 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
composioh ...)
+       TODO: check
+CVE-2024-8954 (In composiohq/composio version 0.5.10, the API does not 
validate the ` ...)
+       TODO: check
+CVE-2024-8953 (In composiohq/composio version 0.4.3, the 
mathematical_calculator endp ...)
+       TODO: check
+CVE-2024-8952 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
composioh ...)
+       TODO: check
+CVE-2024-8898 (A path traversal vulnerability exists in the `install` and 
`uninstall` ...)
+       TODO: check
+CVE-2024-8859 (A path traversal vulnerability exists in mlflow/mlflow version 
2.15.1. ...)
+       TODO: check
+CVE-2024-8789 (Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular 
Expres ...)
+       TODO: check
+CVE-2024-8769 (A vulnerability in the `LockManager.release_locks` function in 
aimhubi ...)
+       TODO: check
+CVE-2024-8765 (In lunary-ai/lunary, the privilege check mechanism is flawed in 
versio ...)
+       TODO: check
+CVE-2024-8764 (A vulnerability in lunary-ai/lunary, as of commit be54057, 
allows user ...)
+       TODO: check
+CVE-2024-8763 (A Regular Expression Denial of Service (ReDoS) vulnerability 
exists in ...)
+       TODO: check
+CVE-2024-8736 (A Denial of Service (DoS) vulnerability exists in multiple file 
upload ...)
+       TODO: check
+CVE-2024-8616 (In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` 
endpoint a ...)
+       TODO: check
+CVE-2024-8613 (A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 
allows  ...)
+       TODO: check
+CVE-2024-8581 (A vulnerability in the `upload_app` function of 
parisneo/lollms-webui  ...)
+       TODO: check
+CVE-2024-8556 (A stored cross-site scripting (XSS) vulnerability exists in 
modelscope ...)
+       TODO: check
+CVE-2024-8551 (A path traversal vulnerability exists in the save-workflow and 
load-wo ...)
+       TODO: check
+CVE-2024-8537 (A path traversal vulnerability exists in the 
modelscope/agentscope app ...)
+       TODO: check
+CVE-2024-8524 (A directory traversal vulnerability exists in 
modelscope/agentscope ve ...)
+       TODO: check
+CVE-2024-8502 (A vulnerability in the RpcAgentServerLauncher class of 
modelscope/agen ...)
+       TODO: check
+CVE-2024-8501 (An arbitrary file download vulnerability exists in the 
rpc_agent_clien ...)
+       TODO: check
+CVE-2024-8489 (A vulnerability in modelscope/agentscope, specifically in the 
AgentSco ...)
+       TODO: check
+CVE-2024-8487 (A Cross-Origin Resource Sharing (CORS) vulnerability exists in 
modelsc ...)
+       TODO: check
+CVE-2024-8438 (A path traversal vulnerability exists in modelscope/agentscope 
version ...)
+       TODO: check
+CVE-2024-8400 (A stored cross-site scripting (XSS) vulnerability exists in the 
latest ...)
+       TODO: check
+CVE-2024-8251 (A vulnerability in mintplex-labs/anything-llm prior to version 
1.2.2 a ...)
+       TODO: check
+CVE-2024-8249 (mintplex-labs/anything-llm version git 6dc3642 contains an 
unauthentic ...)
+       TODO: check
+CVE-2024-8248 (A vulnerability in the normalizePath function in 
mintplex-labs/anythin ...)
+       TODO: check
+CVE-2024-8238 (In version 3.22.0 of aimhubio/aim, the AimQL query language 
uses an ou ...)
+       TODO: check
+CVE-2024-8196 (In mintplex-labs/anything-llm v1.5.11 desktop version for 
Windows, the ...)
+       TODO: check
+CVE-2024-8183 (A CORS (Cross-Origin Resource Sharing) misconfiguration in 
prefecthq/p ...)
+       TODO: check
+CVE-2024-8156 (A command injection vulnerability exists in the 
workflow-checker.yml w ...)
+       TODO: check
+CVE-2024-8101 (A stored cross-site scripting (XSS) vulnerability exists in the 
Text E ...)
+       TODO: check
+CVE-2024-8099 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the lates ...)
+       TODO: check
+CVE-2024-8065 (A Cross-Site Request Forgery (CSRF) vulnerability in version 
v1.4.1 of ...)
+       TODO: check
+CVE-2024-8063 (A divide by zero vulnerability exists in ollama/ollama version 
v0.3.3. ...)
+       TODO: check
+CVE-2024-8062 (A vulnerability in the typeahead endpoint of h2oai/h2o-3 
version 3.46. ...)
+       TODO: check
+CVE-2024-8061 (In version 3.23.0 of aimhubio/aim, certain methods that request 
data f ...)
+       TODO: check
+CVE-2024-8060 (OpenWebUI version 0.3.0 contains a vulnerability in the audio 
API endp ...)
+       TODO: check
+CVE-2024-8057 (In version 0.4.1 of danswer-ai/danswer, a vulnerability exists 
where a ...)
+       TODO: check
+CVE-2024-8055 (Vanna v0.6.3 is vulnerable to SQL injection via Snowflake 
database in  ...)
+       TODO: check
+CVE-2024-8053 (In version v0.3.10 of open-webui/open-webui, the 
`api/v1/utils/pdf` en ...)
+       TODO: check
+CVE-2024-8029 (An XSS vulnerability was discovered in the upload file(s) 
process of i ...)
+       TODO: check
+CVE-2024-8028 (A vulnerability in danswer-ai/danswer v0.3.94 allows an 
attacker to ca ...)
+       TODO: check
+CVE-2024-8027 (A stored Cross-Site Scripting (XSS) vulnerability exists in 
netease-yo ...)
+       TODO: check
+CVE-2024-8026 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
backen ...)
+       TODO: check
+CVE-2024-8024 (A CORS misconfiguration vulnerability exists in 
netease-youdao/qanythi ...)
+       TODO: check
+CVE-2024-8021 (An open redirect vulnerability exists in the latest version of 
gradio- ...)
+       TODO: check
+CVE-2024-8020 (A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 
allows ...)
+       TODO: check
+CVE-2024-8019 (In lightning-ai/pytorch-lightning version 2.3.2, a 
vulnerability exist ...)
+       TODO: check
+CVE-2024-8018 (A vulnerability in imartinez/privategpt version 0.5.0 allows 
for a Den ...)
+       TODO: check
+CVE-2024-8017 (An XSS vulnerability exists in open-webui/open-webui versions 
<= 0.3.8 ...)
+       TODO: check
+CVE-2024-7999 (A vulnerability in open-webui/open-webui version 79778fa allows 
an att ...)
+       TODO: check
+CVE-2024-7990 (A stored cross-site scripting (XSS) vulnerability exists in 
open-webui ...)
+       TODO: check
+CVE-2024-7983 (In version 0.3.8 of open-webui, an endpoint for converting 
markdown to ...)
+       TODO: check
+CVE-2024-7959 (The `/openai/models` endpoint in open-webui/open-webui version 
0.3.8 i ...)
+       TODO: check
+CVE-2024-7957 (An arbitrary file overwrite vulnerability exists in the 
ZulipConnector ...)
+       TODO: check
+CVE-2024-7819 (A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows 
attackers  ...)
+       TODO: check
+CVE-2024-7806 (A vulnerability in open-webui/open-webui versions <= 0.3.8 
allows remo ...)
+       TODO: check
+CVE-2024-7804 (A deserialization vulnerability exists in the Pytorch RPC 
framework (t ...)
+       TODO: check
+CVE-2024-7779 (A vulnerability in danswer-ai/danswer version 1 allows an 
attacker to  ...)
+       TODO: check
+CVE-2024-7776 (A vulnerability in the `download_model` function of the 
onnx/onnx fram ...)
+       TODO: check
+CVE-2024-7773 (A vulnerability in ollama/ollama version 0.1.37 allows for 
remote code ...)
+       TODO: check
+CVE-2024-7771 (A vulnerability in the Dockerized version of 
mintplex-labs/anything-ll ...)
+       TODO: check
+CVE-2024-7768 (A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 
versio ...)
+       TODO: check
+CVE-2024-7767 (An improper access control vulnerability exists in 
danswer-ai/danswer  ...)
+       TODO: check
+CVE-2024-7765 (In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where 
uploadin ...)
+       TODO: check
+CVE-2024-7764 (Vanna-ai v0.6.2 is vulnerable to SQL Injection due to 
insufficient pro ...)
+       TODO: check
+CVE-2024-7760 (aimhubio/aim version 3.22.0 contains a Cross-Site Request 
Forgery (CSR ...)
+       TODO: check
+CVE-2024-7598 (A security issue was discovered in Kubernetes where a malicious 
or com ...)
+       TODO: check
+CVE-2024-7476 (A broken access control vulnerability exists in 
lunary-ai/lunary versi ...)
+       TODO: check
+CVE-2024-7058 (A vulnerability in the sanitize_path function in 
parisneo/lollms-webui ...)
+       TODO: check
+CVE-2024-7053 (A vulnerability in open-webui/open-webui version 0.3.8 allows 
an attac ...)
+       TODO: check
+CVE-2024-7046 (An improper access control vulnerability in 
open-webui/open-webui v0.3 ...)
+       TODO: check
+CVE-2024-7045 (In version v0.3.8 of open-webui/open-webui, improper access 
control vu ...)
+       TODO: check
+CVE-2024-7044 (A Stored Cross-Site Scripting (XSS) vulnerability exists in the 
chat f ...)
+       TODO: check
+CVE-2024-7043 (An improper access control vulnerability in 
open-webui/open-webui v0.3 ...)
+       TODO: check
+CVE-2024-7040 (In version v0.3.8 of open-webui/open-webui, there is an 
improper acces ...)
+       TODO: check
+CVE-2024-7039 (In open-webui/open-webui version v0.3.8, there is an improper 
privileg ...)
+       TODO: check
+CVE-2024-7036 (A vulnerability in open-webui/open-webui v0.3.8 allows an 
unauthentica ...)
+       TODO: check
+CVE-2024-7035 (In version v0.3.8 of open-webui/open-webui, sensitive actions 
such as  ...)
+       TODO: check
+CVE-2024-7034 (In open-webui version 0.3.8, the endpoint `/models/upload` is 
vulnerab ...)
+       TODO: check
+CVE-2024-7033 (In version 0.3.8 of open-webui/open-webui, an arbitrary file 
write vul ...)
+       TODO: check
+CVE-2024-6986 (A Cross-site Scripting (XSS) vulnerability exists in the 
Settings page ...)
+       TODO: check
+CVE-2024-6982 (A remote code execution vulnerability exists in the Calculate 
function ...)
+       TODO: check
+CVE-2024-6866 (corydolphin/flask-cors version 4.01 contains a vulnerability 
where the ...)
+       TODO: check
+CVE-2024-6863 (In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom 
Encryptio ...)
+       TODO: check
+CVE-2024-6854 (In h2oai/h2o-3 version 3.46.0, the endpoint for exporting 
models does  ...)
+       TODO: check
+CVE-2024-6851 (In version 3.22.0 of aimhubio/aim, the 
LocalFileManager._cleanup funct ...)
+       TODO: check
+CVE-2024-6844 (A vulnerability in corydolphin/flask-cors version 4.0.1 allows 
for inc ...)
+       TODO: check
+CVE-2024-6842 (In version 1.5.5 of mintplex-labs/anything-llm, the 
`/setup-complete`  ...)
+       TODO: check
+CVE-2024-6841 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
latest ...)
+       TODO: check
+CVE-2024-6839 (corydolphin/flask-cors version 4.0.1 contains an improper regex 
path m ...)
+       TODO: check
+CVE-2024-6838 (In mlflow/mlflow version v2.13.2, a vulnerability exists that 
allows t ...)
+       TODO: check
+CVE-2024-6829 (A vulnerability in aimhubio/aim version 3.19.3 allows an 
attacker to e ...)
+       TODO: check
+CVE-2024-6827 (Gunicorn version 21.2.0 does not properly validate the value of 
the 'T ...)
+       TODO: check
+CVE-2024-6825 (BerriAI/litellm version 1.40.12 contains a vulnerability that 
allows r ...)
+       TODO: check
+CVE-2024-6583 (A path traversal vulnerability exists in the latest version of 
stangir ...)
+       TODO: check
+CVE-2024-6577 (In the latest version of pytorch/serve, the script 
'upload_results_to_ ...)
+       TODO: check
+CVE-2024-6483 (A vulnerability in the `runs/delete-batch` endpoint of 
aimhubio/aim ve ...)
+       TODO: check
+CVE-2024-5752 (A path traversal vulnerability exists in stitionai/devika, 
specificall ...)
+       TODO: check
+CVE-2024-57440 (D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer 
Overflo ...)
+       TODO: check
+CVE-2024-4990 (In yiisoft/yii2 version 2.0.48, the base Component class 
contains a vu ...)
+       TODO: check
+CVE-2024-4023 (A stored cross-site scripting (XSS) vulnerability exists in 
flatpressb ...)
+       TODO: check
+CVE-2024-48591 (Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site 
Scripting (XSS) ...)
+       TODO: check
+CVE-2024-48590 (Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side 
Request Forger ...)
+       TODO: check
+CVE-2024-2292 (Due to a lack of access control, unauthorized users are able to 
view a ...)
+       TODO: check
+CVE-2024-13923 (The Order Export & Order Import for WooCommerce plugin for 
WordPress i ...)
+       TODO: check
+CVE-2024-13922 (The Order Export & Order Import for WooCommerce plugin for 
WordPress i ...)
+       TODO: check
+CVE-2024-13921 (The Order Export & Order Import for WooCommerce plugin for 
WordPress i ...)
+       TODO: check
+CVE-2024-13920 (The Order Export & Order Import for WooCommerce plugin for 
WordPress i ...)
+       TODO: check
+CVE-2024-13558 (The NP Quote Request for WooCommerce plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2024-13060 (A vulnerability in AnythingLLM Docker version 1.3.1 allows 
users with  ...)
+       TODO: check
+CVE-2024-12911 (A vulnerability in the `default_jsonalyzer` function of the 
`JSONalyze ...)
+       TODO: check
+CVE-2024-12910 (A vulnerability in the `KnowledgeBaseWebReader` class of the 
run-llama ...)
+       TODO: check
+CVE-2024-12909 (A vulnerability in the FinanceChatLlamaPack of the 
run-llama/llama_ind ...)
+       TODO: check
+CVE-2024-12886 (An Out-Of-Memory (OOM) vulnerability exists in the `ollama` 
server ver ...)
+       TODO: check
+CVE-2024-12882 (comfyanonymous/comfyui version v0.2.4 suffers from a non-blind 
Server- ...)
+       TODO: check
+CVE-2024-12880 (A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 
allows fo ...)
+       TODO: check
+CVE-2024-12871 (An XSS vulnerability in infiniflow/ragflow version 0.12.0 
allows an at ...)
+       TODO: check
+CVE-2024-12870 (A stored cross-site scripting (XSS) vulnerability exists in 
infiniflow ...)
+       TODO: check
+CVE-2024-12869 (In infiniflow/ragflow version v0.12.0, there is an improper 
authentica ...)
+       TODO: check
+CVE-2024-12868 (In version 0.3.32 of open-webui, the application uses a 
vulnerable ver ...)
+       TODO: check
+CVE-2024-12866 (A local file inclusion vulnerability exists in 
netease-youdao/qanythin ...)
+       TODO: check
+CVE-2024-12864 (A Denial of Service (DoS) vulnerability was discovered in the 
file upl ...)
+       TODO: check
+CVE-2024-12779 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
infiniflo ...)
+       TODO: check
+CVE-2024-12778 (A vulnerability in aimhubio/aim version 3.25.0 allows for a 
denial of  ...)
+       TODO: check
+CVE-2024-12777 (A vulnerability in aimhubio/aim version 3.25.0 allows for a 
denial of  ...)
+       TODO: check
+CVE-2024-12776 (In langgenius/dify v0.10.1, the `/forgot-password/resets` 
endpoint doe ...)
+       TODO: check
+CVE-2024-12775 (langgenius/dify version 0.10.1 contains a Server-Side Request 
Forgery  ...)
+       TODO: check
+CVE-2024-12766 (parisneo/lollms-webui version V13 (feather) suffers from a 
Server-Side ...)
+       TODO: check
+CVE-2024-12761 (A Denial of Service (DoS) vulnerability exists in the 
brycedrennan/ima ...)
+       TODO: check
+CVE-2024-12760 (An open redirect vulnerability in bentoml/bentoml v1.3.9 
allows a remo ...)
+       TODO: check
+CVE-2024-12759 (In bentoml/bentoml version 1.3.9, the `/login` endpoint of the 
newly i ...)
+       TODO: check
+CVE-2024-12720 (A Regular Expression Denial of Service (ReDoS) vulnerability 
was ident ...)
+       TODO: check
+CVE-2024-12704 (A vulnerability in the LangChainLLM class of the 
run-llama/llama_index ...)
+       TODO: check
+CVE-2024-12580 (A vulnerability in danny-avila/librechat prior to version 
0.7.6 allows ...)
+       TODO: check
+CVE-2024-12537 (In version 0.3.32 of open-webui/open-webui, the absence of 
authenticat ...)
+       TODO: check
+CVE-2024-12534 (In version v0.3.32 of open-webui/open-webui, the application 
allows us ...)
+       TODO: check
+CVE-2024-12450 (In infiniflow/ragflow versions 0.12.0, the `web_crawl` 
function in `do ...)
+       TODO: check
+CVE-2024-12433 (A vulnerability in infiniflow/ragflow versions v0.12.0 allows 
for remo ...)
+       TODO: check
+CVE-2024-12392 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
binary-hu ...)
+       TODO: check
+CVE-2024-12391 (A vulnerability in binary-husky/gpt_academic, as of commit 
310122f, al ...)
+       TODO: check
+CVE-2024-12390 (A vulnerability in binary-husky/gpt_academic version git 
310122f allow ...)
+       TODO: check
+CVE-2024-12389 (A path traversal vulnerability exists in 
binary-husky/gpt_academic ver ...)
+       TODO: check
+CVE-2024-12388 (A vulnerability in binary-husky/gpt_academic version 310122f 
allows fo ...)
+       TODO: check
+CVE-2024-12387 (A vulnerability in the binary-husky/gpt_academic repository, 
as of com ...)
+       TODO: check
+CVE-2024-12376 (A Server-Side Request Forgery (SSRF) vulnerability was 
identified in t ...)
+       TODO: check
+CVE-2024-12375 (A local file inclusion vulnerability was identified in 
automatic1111/s ...)
+       TODO: check
+CVE-2024-12374 (A stored cross-site scripting (XSS) vulnerability exists in 
automatic1 ...)
+       TODO: check
+CVE-2024-12217 (A vulnerability in the gradio-app/gradio repository, version 
git 67e40 ...)
+       TODO: check
+CVE-2024-12216 (A vulnerability in the `ImageClassificationDataset.from_csv()` 
API of  ...)
+       TODO: check
+CVE-2024-12215 (In kedro-org/kedro version 0.19.8, the `pull_package()` API 
function a ...)
+       TODO: check
+CVE-2024-12074 (A Denial of Service (DoS) vulnerability was discovered in the 
file upl ...)
+       TODO: check
+CVE-2024-12070 (A Denial of Service (DoS) vulnerability exists in the file 
upload feat ...)
+       TODO: check
+CVE-2024-12068 (A Server-Side Request Forgery (SSRF) vulnerability was 
discovered in h ...)
+       TODO: check
+CVE-2024-12065 (A local file inclusion vulnerability exists in 
haotian-liu/llava at co ...)
+       TODO: check
+CVE-2024-12063 (A Denial of Service (DoS) vulnerability exists in the file 
upload feat ...)
+       TODO: check
+CVE-2024-12055 (A vulnerability in Ollama versions <=0.3.14 allows a malicious 
user to ...)
+       TODO: check
+CVE-2024-12048 (An IDOR (Insecure Direct Object Reference) vulnerability 
exists in tra ...)
+       TODO: check
+CVE-2024-12044 (A remote code execution vulnerability exists in 
open-mmlab/mmdetection ...)
+       TODO: check
+CVE-2024-12039 (langgenius/dify version v0.10.1 contains a vulnerability where 
there a ...)
+       TODO: check
+CVE-2024-12029 (A remote code execution vulnerability exists in 
invoke-ai/invokeai ver ...)
+       TODO: check
+CVE-2024-11958 (A SQL injection vulnerability exists in the `duckdb_retriever` 
compone ...)
+       TODO: check
+CVE-2024-11850 (A stored cross-site scripting (XSS) vulnerability exists in 
the latest ...)
+       TODO: check
+CVE-2024-11824 (A stored cross-site scripting (XSS) vulnerability exists in 
langgenius ...)
+       TODO: check
+CVE-2024-11822 (langgenius/dify version 0.9.1 contains a Server-Side Request 
Forgery ( ...)
+       TODO: check
+CVE-2024-11821 (A privilege escalation vulnerability exists in langgenius/dify 
version ...)
+       TODO: check
+CVE-2024-11603 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
lm-sys/fa ...)
+       TODO: check
+CVE-2024-11602 (A Cross-Origin Resource Sharing (CORS) vulnerability exists in 
feast-d ...)
+       TODO: check
+CVE-2024-11449 (A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) 
allows  ...)
+       TODO: check
+CVE-2024-11441 (A stored cross-site scripting (XSS) vulnerability exists in 
Serge vers ...)
+       TODO: check
+CVE-2024-11302 (A missing check_access() function in the lollms_binding_infos 
module o ...)
+       TODO: check
+CVE-2024-11301 (In lunary-ai/lunary before version 1.6.3, the application 
allows the c ...)
+       TODO: check
+CVE-2024-11300 (In lunary-ai/lunary before version 1.6.3, an improper access 
control v ...)
+       TODO: check
+CVE-2024-11173 (An unhandled exception in the danny-avila/librechat 
repository, versio ...)
+       TODO: check
+CVE-2024-11172 (A vulnerability in danny-avila/librechat version git a1647d7 
allows an ...)
+       TODO: check
+CVE-2024-11171 (In danny-avila/librechat version git 0c2a583, there is an 
improper inp ...)
+       TODO: check
+CVE-2024-11170 (A vulnerability in danny-avila/librechat version git 81f2936 
allows fo ...)
+       TODO: check
+CVE-2024-11169 (An unhandled exception in danny-avila/librechat version 
3c94ff2 can le ...)
+       TODO: check
+CVE-2024-11167 (An improper access control vulnerability in 
danny-avila/librechat vers ...)
+       TODO: check
+CVE-2024-11137 (An Insecure Direct Object Reference (IDOR) vulnerability 
exists in the ...)
+       TODO: check
+CVE-2024-11045 (A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in 
automatic111 ...)
+       TODO: check
+CVE-2024-11044 (An open redirect vulnerability in 
automatic1111/stable-diffusion-webui ...)
+       TODO: check
+CVE-2024-11043 (A Denial of Service (DoS) vulnerability was discovered in the 
/api/v1/ ...)
+       TODO: check
+CVE-2024-11042 (In invoke-ai/invokeai version v5.0.2, the web API `POST 
/api/v1/images ...)
+       TODO: check
+CVE-2024-11041 (vllm-project vllm version v0.6.2 contains a vulnerability in 
the Messa ...)
+       TODO: check
+CVE-2024-11040 (vllm-project vllm version 0.5.2.2 is vulnerable to Denial of 
Service a ...)
+       TODO: check
+CVE-2024-11039 (A pickle deserialization vulnerability exists in the Latex 
English err ...)
+       TODO: check
+CVE-2024-11037 (A path traversal vulnerability exists in 
binary-husky/gpt_academic at  ...)
+       TODO: check
+CVE-2024-11033 (A Denial of Service (DoS) vulnerability exists in the file 
upload feat ...)
+       TODO: check
+CVE-2024-11031 (In version 3.83 of binary-husky/gpt_academic, a Server-Side 
Request Fo ...)
+       TODO: check
+CVE-2024-11030 (GPT Academic version 3.83 is vulnerable to a Server-Side 
Request Forge ...)
+       TODO: check
+CVE-2024-10986 (GPT Academic version 3.83 is vulnerable to a Local File Read 
(LFI) vul ...)
+       TODO: check
+CVE-2024-10956 (GPT Academy version 3.83 in the binary-husky/gpt_academic 
repository i ...)
+       TODO: check
+CVE-2024-10955 (A Regular Expression Denial of Service (ReDoS) vulnerability 
exists in ...)
+       TODO: check
+CVE-2024-10954 (In the `manim` plugin of binary-husky/gpt_academic, versions 
prior to  ...)
+       TODO: check
+CVE-2024-10950 (In binary-husky/gpt_academic version <= 3.83, the plugin 
`CodeInterpre ...)
+       TODO: check
+CVE-2024-10948 (A vulnerability in the upload function of 
binary-husky/gpt_academic al ...)
+       TODO: check
+CVE-2024-10940 (A vulnerability in langchain-core versions >=0.1.17,<0.1.53, 
>=0.2.0,< ...)
+       TODO: check
+CVE-2024-10935 (automatic1111/stable-diffusion-webui version 1.10.0 contains a 
vulnera ...)
+       TODO: check
+CVE-2024-10912 (A Denial of Service (DoS) vulnerability exists in the file 
upload feat ...)
+       TODO: check
+CVE-2024-10908 (An open redirect vulnerability in lm-sys/fastchat Release 
v0.2.36 allo ...)
+       TODO: check
+CVE-2024-10907 (In lm-sys/fastchat Release v0.2.36, the server fails to handle 
excessi ...)
+       TODO: check
+CVE-2024-10906 (In version 0.6.0 of eosphoros-ai/db-gpt, the `uvicorn` app 
created by  ...)
+       TODO: check
+CVE-2024-10902 (In eosphoros-ai/db-gpt version v0.6.0, the web API `POST 
/v1/personal/ ...)
+       TODO: check
+CVE-2024-10901 (In eosphoros-ai/db-gpt version v0.6.0, the web API `POST 
/api/v1/edito ...)
+       TODO: check
+CVE-2024-10835 (In eosphoros-ai/db-gpt version v0.6.0, the web API `POST 
/api/v1/edito ...)
+       TODO: check
+CVE-2024-10834 (eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in 
the RAG- ...)
+       TODO: check
+CVE-2024-10833 (eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an 
arbitrary file w ...)
+       TODO: check
+CVE-2024-10831 (In eosphoros-ai/db-gpt version 0.6.0, the endpoint for 
uploading files ...)
+       TODO: check
+CVE-2024-10830 (A Path Traversal vulnerability exists in the 
eosphoros-ai/db-gpt versi ...)
+       TODO: check
+CVE-2024-10829 (A Denial of Service (DoS) vulnerability in the multipart 
request bound ...)
+       TODO: check
+CVE-2024-10821 (A Denial of Service (DoS) vulnerability in the multipart 
request bound ...)
+       TODO: check
+CVE-2024-10819 (A Cross-Site Request Forgery (CSRF) vulnerability in version 
3.83 of b ...)
+       TODO: check
+CVE-2024-10812 (An open redirect vulnerability exists in 
binary-husky/gpt_academic ver ...)
+       TODO: check
+CVE-2024-10762 (In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ 
endpoint ...)
+       TODO: check
+CVE-2024-10727 (A reflected cross-site scripting (XSS) vulnerability exists in 
phpipam ...)
+       TODO: check
+CVE-2024-10725 (A stored cross-site scripting (XSS) vulnerability exists in 
phpipam/ph ...)
+       TODO: check
+CVE-2024-10724 (A stored cross-site scripting (XSS) vulnerability exists in 
phpipam/ph ...)
+       TODO: check
+CVE-2024-10723 (A stored cross-site scripting (XSS) vulnerability was 
discovered in ph ...)
+       TODO: check
+CVE-2024-10722 (A stored cross-site scripting (XSS) vulnerability exists in 
phpipam/ph ...)
+       TODO: check
+CVE-2024-10721 (A stored cross-site scripting (XSS) vulnerability was 
discovered in ph ...)
+       TODO: check
+CVE-2024-10720 (A stored cross-site scripting (XSS) vulnerability exists in 
phpipam/ph ...)
+       TODO: check
+CVE-2024-10719 (A stored cross-site scripting (XSS) vulnerability exists in 
phpipam ve ...)
+       TODO: check
+CVE-2024-10718 (In phpipam/phpipam version 1.5.1, the Secure attribute for 
sensitive c ...)
+       TODO: check
+CVE-2024-10714 (A vulnerability in binary-husky/gpt_academic version 3.83 
allows an at ...)
+       TODO: check
+CVE-2024-10713 (A vulnerability in szad670401/hyperlpr v3.0 allows for a 
Denial of Ser ...)
+       TODO: check
+CVE-2024-10707 (gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by 
a local  ...)
+       TODO: check
+CVE-2024-10650 (An unauthenticated Denial of Service (DoS) vulnerability was 
identifie ...)
+       TODO: check
+CVE-2024-10648 (A path traversal vulnerability exists in the Gradio Audio 
component of ...)
+       TODO: check
+CVE-2024-10624 (A Regular Expression Denial of Service (ReDoS) vulnerability 
exists in ...)
+       TODO: check
+CVE-2024-10572 (In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command 
exposes classe ...)
+       TODO: check
+CVE-2024-10569 (A vulnerability in the dataframe component of 
gradio-app/gradio (versi ...)
+       TODO: check
+CVE-2024-10553 (A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 
allows u ...)
+       TODO: check
+CVE-2024-10550 (A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 
version ...)
+       TODO: check
+CVE-2024-10549 (A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 
version 3.46 ...)
+       TODO: check
+CVE-2024-10513 (A path traversal vulnerability exists in the 'document uploads 
manager ...)
+       TODO: check
+CVE-2024-10481 (A CSRF vulnerability exists in comfyanonymous/comfyui versions 
up to v ...)
+       TODO: check
+CVE-2024-10457 (Multiple Server-Side Request Forgery (SSRF) vulnerabilities 
were ident ...)
+       TODO: check
+CVE-2024-10366 (An improper access control vulnerability (IDOR) exists in the 
delete a ...)
+       TODO: check
+CVE-2024-10363 (In version 0.7.5 of danny-avila/LibreChat, there is an 
improper access ...)
+       TODO: check
+CVE-2024-10361 (An arbitrary file deletion vulnerability exists in 
danny-avila/librech ...)
+       TODO: check
+CVE-2024-10359 (In danny-avila/librechat version v0.7.5-rc2, a vulnerability 
exists in ...)
+       TODO: check
+CVE-2024-10330 (In lunary-ai/lunary version 1.5.6, the `/v1/evaluators/` 
endpoint lack ...)
+       TODO: check
+CVE-2024-10275 (In version 1.5.5 of lunary-ai/lunary, a vulnerability exists 
where adm ...)
+       TODO: check
+CVE-2024-10274 (An improper authorization vulnerability exists in 
lunary-ai/lunary ver ...)
+       TODO: check
+CVE-2024-10273 (In lunary-ai/lunary v1.5.0, improper privilege management in 
the model ...)
+       TODO: check
+CVE-2024-10272 (lunary-ai/lunary is vulnerable to broken access control in the 
latest  ...)
+       TODO: check
+CVE-2024-10267 (An information disclosure vulnerability exists in the latest 
version o ...)
+       TODO: check
+CVE-2024-10264 (HTTP Request Smuggling vulnerability in 
netease-youdao/qanything versi ...)
+       TODO: check
+CVE-2024-10252 (A vulnerability in langgenius/dify versions <=v0.9.1 allows 
for code i ...)
+       TODO: check
+CVE-2024-10225 (A vulnerability in haotian-liu/llava v1.2.0 allows an attacker 
to caus ...)
+       TODO: check
+CVE-2024-10190 (Horovod versions up to and including v0.28.1 are vulnerable to 
unauthe ...)
+       TODO: check
+CVE-2024-10188 (A vulnerability in BerriAI/litellm, as of commit 26c03c9, 
allows unaut ...)
+       TODO: check
+CVE-2024-10110 (In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter 
object  ...)
+       TODO: check
+CVE-2024-10109 (A vulnerability in the mintplex-labs/anything-llm repository, 
as of co ...)
+       TODO: check
+CVE-2024-10096 (Dask versions <=2024.8.2 contain a vulnerability in the Dask 
Distribut ...)
+       TODO: check
+CVE-2024-10051 (Realchar version v0.0.4 is vulnerable to an unauthenticated 
denial of  ...)
+       TODO: check
+CVE-2024-10047 (parisneo/lollms-webui versions v9.9 to the latest are 
vulnerable to a  ...)
+       TODO: check
+CVE-2024-10019 (A vulnerability in the `start_app_server` function of 
parisneo/lollms- ...)
+       TODO: check
+CVE-2024-0640 (A stored cross-site scripting (XSS) vulnerability exists in 
chatwoot/c ...)
+       TODO: check
+CVE-2024-0245 (A misconfiguration in the AndroidManifest.xml file in 
hamza417/inure b ...)
+       TODO: check
 CVE-2025-30259 (The WhatsApp cloud service before late 2024 did not block 
certain craf ...)
        NOT-FOR-US: WhatsApp
 CVE-2025-30092 (Intrexx Portal Server 12.x <= 12.0.2 and 11.x <= 11.9.2 allows 
XSS in  ...)
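Review bot: CVE-2024-10829 and CVE-2024-10821 have identical truncated descriptions ("A Denial of Service (DoS) vulnerability in the multipart request bound ..."), as do CVE-2024-10901 and CVE-2024-10835 ("In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/edito ..."), so each pair cannot be told apart from this file while both sit at "TODO: check". Read the full CVE text for each before triage rather than resolving one and copying the result to the other. Most of the entries added in this part of the hunk name a small set of upstreams (binary-husky/gpt_academic, lunary-ai/lunary, danny-avila/librechat, eosphoros-ai/db-gpt, phpipam), so the TODO backlog can be worked per project.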
@@ -165,11 +909,11 @@ CVE-2024-12137 (Authentication Bypass by Capture-replay 
vulnerability in Elfatek
        NOT-FOR-US: Elfatek Elektronics
 CVE-2024-12136 (Missing Critical Step in Authentication vulnerability in 
Elfatek Elekt ...)
        NOT-FOR-US: Elfatek Elektronics
-CVE-2025-27888
+CVE-2025-27888 (Severity: medium (5.8) / important  Server-Side Request 
Forgery (SSRF) ...)
        - druid <itp> (bug #825797)
-CVE-2024-54016
+CVE-2024-54016 (Improper Handling of Highly Compressed Data (Data 
Amplification) vulne ...)
        NOT-FOR-US: Apache Seata
-CVE-2024-47552
+CVE-2024-47552 (Deserialization of Untrusted Data vulnerability in Apache 
Seata (incub ...)
        NOT-FOR-US: Apache Seata
 CVE-2025-27018 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Apache Airflow MySQL Provider
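Review bot: the new description for CVE-2025-27888 opens with "Severity: medium (5.8) / important" rather than the product name, so after truncation the entry's first line no longer says what software is affected; only the "- druid <itp> (bug #825797)" line does. The text comes from the automatic update, so leave it as is, but keep that package line accurate, since it is now the only identifier a reader sees for this entry.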
@@ -1092,35 +1836,35 @@ CVE-2024-11235
        - php8.4 8.4.5-1
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477
 CVE-2025-1861
-       {DSA-5878-1}
+       {DSA-5878-1 DLA-4088-1}
        - php8.4 8.4.5-1
        - php8.2 <unfixed>
        - php7.4 <removed>
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff
        NOTE: Fixed by: 
https://github.com/php/php-src/commit/ac1a054bb3eb5994a199e8b18cca28cbabf5943e 
(php-8.1.32)
 CVE-2025-1736
-       {DSA-5878-1}
+       {DSA-5878-1 DLA-4088-1}
        - php8.4 8.4.5-1
        - php8.2 <unfixed>
        - php7.4 <removed>
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528
        NOTE: Fixed by: 
https://github.com/php/php-src/commit/41d49abbd99dab06cdae4834db664435f8177174 
(php-8.1.32)
 CVE-2025-1734
-       {DSA-5878-1}
+       {DSA-5878-1 DLA-4088-1}
        - php8.4 8.4.5-1
        - php8.2 <unfixed>
        - php7.4 <removed>
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44
        NOTE: Fixed by: 
https://github.com/php/php-src/commit/0548c4c1756724a89ef8310709419b08aadb2b3b 
(php-8.1.32)
 CVE-2025-1219
-       {DSA-5878-1}
+       {DSA-5878-1 DLA-4088-1}
        - php8.4 8.4.5-1
        - php8.2 <unfixed>
        - php7.4 <removed>
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc
        NOTE: Fixed by: 
https://github.com/php/php-src/commit/b6004a043c16b211d462218fbb3f72db68ec2b18 
(php-8.1.32)
 CVE-2025-1217
-       {DSA-5878-1}
+       {DSA-5878-1 DLA-4088-1}
        - php8.4 8.4.5-1
        - php8.2 <unfixed>
        - php7.4 <removed>
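Review bot: each of the five entries that gains DLA-4088-1 (CVE-2025-1861, CVE-2025-1736, CVE-2025-1734, CVE-2025-1219, CVE-2025-1217) still lists "php8.2 <unfixed>" and "php7.4 <removed>", and nothing in the hunk says which source package or version the DLA fixed. Confirm that the DLA-4088-1 record names the package and fixed version for all five CVEs. CVE-2024-11235 in the leading context gets no advisory reference; its only package line is php8.4, which looks consistent, but it is worth a glance.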
@@ -3558,7 +4302,7 @@ CVE-2025-27510 (conda-forge-metadata provides programatic 
access to conda-forge'
        NOT-FOR-US: conda-forge-metadata
 CVE-2025-26319 (FlowiseAI Flowise v2.2.6 was discovered to contain an 
arbitrary file u ...)
        NOT-FOR-US: FlowiseAI Flowise
-CVE-2025-26318 (Insecure permissions in TSplus Remote Access v17.30 allow 
attackers to ...)
+CVE-2025-26318 (hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows 
remote a ...)
        NOT-FOR-US: TSplus Remote Access
 CVE-2025-26136 (A SQL injection vulnerability exists in mysiteforme versions 
prior to  ...)
        NOT-FOR-US: mysiteforme
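Review bot: the replacement description for CVE-2025-26318 changes the stated affected range from "v17.30" to "before 17.30 2024-10-30" and now names hb.exe, which is a different scope from the old "Insecure permissions" wording. The "NOT-FOR-US: TSplus Remote Access" line still applies because the product is unchanged, so no triage edit is needed here.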
@@ -12499,7 +13243,7 @@ CVE-2025-24036 (Microsoft AutoUpdate (MAU) Elevation of 
Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2025-23403 (A vulnerability has been identified in SIMATIC IPC DiagBase 
(All versi ...)
        NOT-FOR-US: Siemens
-CVE-2025-23363 (A vulnerability has been identified in Teamcenter (All 
versions). The  ...)
+CVE-2025-23363 (A vulnerability has been identified in Teamcenter V14.1 (All 
versions) ...)
        NOT-FOR-US: Siemens
 CVE-2025-22467 (A stack-based buffer overflow in Ivanti Connect Secure before 
version  ...)
        NOT-FOR-US: Ivanti



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/141dcad772551d24cf1df22f19b5ceed5b4edb27



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
