Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9900 | 2025-03-20 | N/A | 5.4 MEDIUM | ||
| mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts in the context of the victim's browser, potentially compromising user sessions, stealing session cookies, redirecting users to malicious websites, or manipulating the DOM. | |||||
| CVE-2024-12388 | 2025-03-20 | N/A | 6.5 MEDIUM | ||
| A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. This allows an attacker to send a small malicious payload to the server, causing it to become unresponsive and unable to handle any requests from other users. | |||||
| CVE-2024-11169 | 2025-03-20 | N/A | 7.5 HIGH | ||
| An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash. The vulnerability is fixed in version 0.7.6. | |||||
| CVE-2025-22870 | 2025-03-18 | N/A | 4.4 MEDIUM | ||
| Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied. | |||||
| CVE-2025-25069 | 2025-02-13 | N/A | 6.5 MEDIUM | ||
| A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained with SSRF. It is similiar to CVE-2016-10517 in Redis. This issue affects Apache Kvrocks: from the initial version to the latest version 2.11.0. Users are recommended to upgrade to version 2.11.1, which fixes the issue. | |||||
| CVE-2023-32260 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation.This issue affects Service Management Automation X (SMAX) versions: 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11, 2023.05; Asset Management X (AMX) versions: 2021.08, 2021.11, 2022.05, 2022.11, 2023.05; and Hybrid Cloud Management X (HCMX) versions: 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11, 2023.05. | |||||
| CVE-2023-32228 | 2024-11-21 | N/A | 4.6 MEDIUM | ||
| A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user. | |||||
| CVE-2023-0880 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 8.3 HIGH |
| Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | |||||
| CVE-2022-3224 | 1 Parse-url Project | 1 Parse-url | 2024-11-21 | N/A | 6.1 MEDIUM |
| Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0. | |||||
| CVE-2021-21366 | 2 Debian, Xmldom Project | 2 Debian Linux, Xmldom | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This is fixed in version 0.5.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents. | |||||
| CVE-2020-27846 | 4 Fedoraproject, Grafana, Redhat and 1 more | 6 Fedora, Grafana, Enterprise Linux and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||