The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-3803 | A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408. This vulnerability affects unknown code of the file /Public/webuploader/0.1.5/server/fileupload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | -- | Apr 16, 2024 |
| CVE-2024-3764 | ** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 5.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-260604. NOTE: The vendor explains that a malicious actor would have to crack TLS first or use a legitimate login to initiate the attack. | -- | Apr 16, 2024 |
| CVE-2024-3672 | The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\'s \'all-items\' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as \'classes\'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | -- | Apr 16, 2024 |
| CVE-2024-3660 | A arbitrary code injection vulnerability in TensorFlow\'s Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application. | -- | Apr 16, 2024 |
| CVE-2024-3575 | Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb | -- | Apr 16, 2024 |
| CVE-2024-3574 | In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking. | -- | Apr 16, 2024 |
| CVE-2024-3573 | mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the \'is_local_uri\' function\'s failure to properly handle URIs with empty or \'file\' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted \'source\' parameters, enabling the reading of sensitive files within at least two directory levels from the server\'s root. | -- | Apr 16, 2024 |
| CVE-2024-3572 | The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data. | -- | Apr 16, 2024 |
| CVE-2024-3571 | langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory (\'Path Traversal\') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequences to reach unintended directories. | -- | Apr 16, 2024 |
| CVE-2024-3493 | A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation\'s ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices. | -- | Apr 16, 2024 |
| CVE-2024-3400 | A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | -- | Apr 16, 2024 |
| CVE-2024-3367 | Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p25 and <2.3.0b5 allows local attacker to inject one argument to runmqsc | -- | Apr 16, 2024 |
| CVE-2024-3302 | There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125 and Firefox ESR < 115.10. | -- | Apr 16, 2024 |
| CVE-2024-3271 | A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by crafting input that does not contain an underscore but still results in the execution of OS commands. The vulnerability allows for remote code execution (RCE) on the server hosting the application. | -- | Apr 16, 2024 |
| CVE-2024-3243 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary test emails. | -- | Apr 16, 2024 |
| CVE-2024-3067 | The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the \'id\' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can also be used by unauthenticated attackers to inject malicious web scripts. | -- | Apr 16, 2024 |
| CVE-2024-3029 | In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the \'/system/enable-multi-user\' endpoint. This triggers an error that is caught by a catch block, which in turn deletes all users and disables the \'multi_user_mode\'. The vulnerability allows an attacker to remove all existing users and potentially create a new admin user without requiring a password, leading to unauthorized access and control over the application. | -- | Apr 16, 2024 |
| CVE-2024-3028 | mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the \'logo_filename\' parameter in the \'system-preferences\' API endpoint, an attacker can construct requests to read sensitive files or the application\'s \'.env\' file, and even delete files by setting the \'logo_filename\' to the path of the target file and invoking the \'remove-logo\' API endpoint. This vulnerability is due to the lack of proper sanitization of user-supplied input. | -- | Apr 16, 2024 |
| CVE-2024-2912 | An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is triggered when a serialized object, crafted to execute OS commands upon deserialization, is sent to any valid BentoML endpoint. This issue poses a significant security risk, enabling attackers to compromise the server and potentially gain unauthorized access or control. | -- | Apr 16, 2024 |
| CVE-2024-2424 | An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required. Additionally, a malformed PTP packet is needed to exploit this vulnerability. | -- | Apr 16, 2024 |
| CVE-2024-2260 | A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim\'s JWT token. | -- | Apr 16, 2024 |
| CVE-2024-2083 | A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the \'logs\' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory. | -- | Apr 16, 2024 |
| CVE-2024-1961 | vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Attackers can exploit this vulnerability to write arbitrary files anywhere in the file system by manipulating the \'artifact_path\' parameter. This flaw can lead to Remote Code Execution (RCE) by overwriting critical files, such as the application\'s configuration file, especially when the application is run outside of Docker. The vulnerability is present in the NFSController.java and NFSService.java components of the application. | -- | Apr 16, 2024 |
| CVE-2024-1739 | lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the case of the email characters. For example, accounts for \'abc@gmail.com\' and \'Abc@gmail.com\' can both be created, leading to potential impersonation and confusion among users. | -- | Apr 16, 2024 |
| CVE-2024-1738 | An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. This vulnerability allows unauthorized users to retrieve the results of any organization\'s evaluation by simply knowing the evaluation ID, due to the lack of project ID verification in the SQL query. As a result, attackers can gain access to potentially private data contained within the evaluation results. | -- | Apr 16, 2024 |
| CVE-2024-1666 | In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result, attackers can bypass the intended account upgrade requirement by directly sending crafted requests to the server, enabling the creation of an unlimited number of radars without payment. | -- | Apr 16, 2024 |
| CVE-2024-1665 | lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluation creation due to missing server-side checks for user account status during evaluation creation. While the web UI restricts evaluation creation to paid accounts, the server-side API endpoint \'/v1/evaluations\' does not verify if the user has a paid account, allowing users with free or self-hosted accounts to create unlimited evaluations without upgrading their account. This vulnerability is due to the lack of account status validation in the evaluation creation process. | -- | Apr 16, 2024 |
| CVE-2024-1646 | parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not \'0.0.0.0\' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as \'/restart_program\', \'/update_software\', \'/check_update\', \'/start_recording\', and \'/stop_recording\'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration. | -- | Apr 16, 2024 |
| CVE-2024-1626 | An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly referencing the project\'s ID in the PATCH request to the \'/v1/projects/:projectId\' endpoint. This issue arises because the endpoint does not verify if the provided project ID belongs to the currently authenticated user, enabling unauthorized modifications across different organizational projects. | -- | Apr 16, 2024 |
| CVE-2024-1601 | An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the `/delete_discussion` endpoint, which internally calls the vulnerable `delete_discussion()` function. By sending a specially crafted payload in the \'id\' parameter, an attacker can manipulate SQL queries to delete all records from the \'discussion\' and \'message\' tables. This issue is due to improper neutralization of special elements used in an SQL command. | -- | Apr 16, 2024 |
| CVE-2024-1594 | A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to read arbitrary files on the server in the context of the server\'s process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect. | -- | Apr 16, 2024 |
| CVE-2024-1593 | A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the \';\' character in URLs, attackers can manipulate the \'params\' portion of the URL to gain unauthorized access to files or directories. This vulnerability allows for arbitrary data smuggling into the \'params\' part of the URL, enabling attacks similar to those described in previous reports but utilizing the \';\' character for parameter smuggling. Successful exploitation could lead to unauthorized information disclosure or server compromise. | -- | Apr 16, 2024 |
| CVE-2024-1569 | parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software. | -- | Apr 16, 2024 |
| CVE-2024-1561 | An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables. | -- | Apr 16, 2024 |
| CVE-2024-1560 | A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server\'s filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831. | -- | Apr 16, 2024 |
| CVE-2024-1558 | A path traversal vulnerability exists in the `_create_model_version()` function within `server/handlers.py` of the mlflow/mlflow repository, due to improper validation of the `source` parameter. Attackers can exploit this vulnerability by crafting a `source` parameter that bypasses the `_validate_non_local_source_contains_relative_paths(source)` function\'s checks, allowing for arbitrary file read access on the server. The issue arises from the handling of unquoted URL characters and the subsequent misuse of the original `source` value for model version creation, leading to the exposure of sensitive files when interacting with the `/model-versions/get-artifact` handler. | -- | Apr 16, 2024 |
| CVE-2024-1483 | A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted \'artifact_location\' and \'source\' parameters, using a local URI with \'#\' instead of \'?\', an attacker can traverse the server\'s directory structure. The issue occurs due to insufficient validation of user-supplied input in the server\'s handlers. | -- | Apr 16, 2024 |
| CVE-2024-1456 | An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket \'http://s3.amazonaws.com/h2o-training\', which was found to be vulnerable to unauthorized takeover. | -- | Apr 16, 2024 |
| CVE-2024-1357 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\'s aux_timeline shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping on user supplied attributes such as thumb_mode and date_type. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | -- | Apr 16, 2024 |
| CVE-2024-1183 | An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the \'file\' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a \'Location\' header or a \'File not allowed\' error in the response. | -- | Apr 16, 2024 |
| CVE-2024-1135 | Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn\'s handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure. | -- | Apr 16, 2024 |
| CVE-2024-0549 | mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as \'anythingllm.db\'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability. | -- | Apr 16, 2024 |
| CVE-2024-0404 | A mass assignment vulnerability exists in the `/api/invite/:code` endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker can add a `role` property with `admin` value, thereby gaining administrative access. This issue arises due to the lack of property allowlisting and blocklisting, enabling the attacker to exploit the system and perform actions as an administrator. | -- | Apr 16, 2024 |
| CVE-2023-51391 | A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service. | -- | Apr 16, 2024 |
| CVE-2023-50872 | The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions Vendor says that it\'s not a security issue. | -- | Apr 16, 2024 |
| CVE-2023-45503 | SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints. | -- | Apr 16, 2024 |
| CVE-2023-45000 | Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7. | -- | Apr 16, 2024 |
| CVE-2023-40000 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7. | -- | Apr 16, 2024 |
| CVE-2023-33806 | Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119, allows attackers to execute arbitrary commands. | -- | Apr 16, 2024 |
| CVE-2020-22540 | Stored Cross-Site Scripting (XSS) vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive information via crafted payload to Category name component. | -- | Apr 16, 2024 |
