[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 20 20:12:14 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
141dcad7 by security tracker role at 2025-03-20T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,747 @@
+CVE-2025-30160 (Redlib is an alternative private front-end to Reddit. A vulnerability  ...)
+	TODO: check
+CVE-2025-2565 (The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3. ...)
+	TODO: check
+CVE-2025-2557 (A vulnerability, which was classified as critical, has been found in A ...)
+	TODO: check
+CVE-2025-2556 (A vulnerability classified as problematic was found in Audi UTR Dashca ...)
+	TODO: check
+CVE-2025-2555 (A vulnerability classified as problematic has been found in Audi Unive ...)
+	TODO: check
+CVE-2025-2553 (A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It ...)
+	TODO: check
+CVE-2025-2552 (A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It ...)
+	TODO: check
+CVE-2025-2551 (A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It ...)
+	TODO: check
+CVE-2025-2550 (A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and ...)
+	TODO: check
+CVE-2025-2549 (A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.0 ...)
+	TODO: check
+CVE-2025-2548 (A vulnerability, which was classified as problematic, was found in D-L ...)
+	TODO: check
+CVE-2025-2547 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-2546 (A vulnerability classified as problematic was found in D-Link DIR-618  ...)
+	TODO: check
+CVE-2025-2539 (The File Away plugin for WordPress is vulnerable to unauthorized acces ...)
+	TODO: check
+CVE-2025-2480 (Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds wri ...)
+	TODO: check
+CVE-2025-2311 (Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive  ...)
+	TODO: check
+CVE-2025-29980 (A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1 ...)
+	TODO: check
+CVE-2025-29923 (go-redis is the official Redis client library for the Go programming l ...)
+	TODO: check
+CVE-2025-29922 (kcp is a Kubernetes-like control plane for form-factors and use-cases  ...)
+	TODO: check
+CVE-2025-29914 (OWASP Coraza WAF is a golang modsecurity compatible web application fi ...)
+	TODO: check
+CVE-2025-29412 (A cross-site scripting (XSS) vulnerability in the Client Profile Updat ...)
+	TODO: check
+CVE-2025-29411 (An arbitrary file upload vulnerability in the Client Profile Update se ...)
+	TODO: check
+CVE-2025-29410 (A cross-site scripting (XSS) vulnerability in the component /contact.p ...)
+	TODO: check
+CVE-2025-29218 (Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-29217 (Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2025-29215 (Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow  ...)
+	TODO: check
+CVE-2025-29214 (Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow  ...)
+	TODO: check
+CVE-2025-29149 (Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow  ...)
+	TODO: check
+CVE-2025-29121 (A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability ...)
+	TODO: check
+CVE-2025-29101 (Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow  ...)
+	TODO: check
+CVE-2025-26853 (DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken au ...)
+	TODO: check
+CVE-2025-26852 (DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Inje ...)
+	TODO: check
+CVE-2025-23120 (A vulnerability allowing remote code execution (RCE) for domain users.)
+	TODO: check
+CVE-2025-1802 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress  ...)
+	TODO: check
+CVE-2025-1796 (A vulnerability in langgenius/dify v0.10.1 allows an attacker to take  ...)
+	TODO: check
+CVE-2025-1496 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+	TODO: check
+CVE-2025-1474 (In mlflow/mlflow version 2.18, an admin is able to create a new user a ...)
+	TODO: check
+CVE-2025-1473 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup ...)
+	TODO: check
+CVE-2025-1451 (A vulnerability in parisneo/lollms-webui v13 arises from the server's  ...)
+	TODO: check
+CVE-2025-1040 (AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Tem ...)
+	TODO: check
+CVE-2025-0655 (A vulnerability in man-group/dtale versions 3.15.1 allows an attacker  ...)
+	TODO: check
+CVE-2025-0628 (An improper authorization vulnerability exists in the main-latest vers ...)
+	TODO: check
+CVE-2025-0508 (A vulnerability in the SageMaker Workflow component of aws/sagemaker-p ...)
+	TODO: check
+CVE-2025-0454 (A Server-Side Request Forgery (SSRF) vulnerability was identified in t ...)
+	TODO: check
+CVE-2025-0453 (In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable ...)
+	TODO: check
+CVE-2025-0452 (eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file del ...)
+	TODO: check
+CVE-2025-0330 (In berriai/litellm version v1.52.1, an issue in proxy_server.py causes ...)
+	TODO: check
+CVE-2025-0317 (A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious  ...)
+	TODO: check
+CVE-2025-0315 (A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to c ...)
+	TODO: check
+CVE-2025-0313 (A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious  ...)
+	TODO: check
+CVE-2025-0312 (A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious  ...)
+	TODO: check
+CVE-2025-0281 (A stored cross-site scripting (XSS) vulnerability exists in lunary-ai/ ...)
+	TODO: check
+CVE-2025-0254 (HCL Digital Experience components Ring API and dxclient may be vulnera ...)
+	TODO: check
+CVE-2025-0192 (A stored Cross-site Scripting (XSS) vulnerability exists in the latest ...)
+	TODO: check
+CVE-2025-0191 (A Denial of Service (DoS) vulnerability exists in the file upload feat ...)
+	TODO: check
+CVE-2025-0190 (In version 3.25.0 of aimhubio/aim, a denial of service vulnerability e ...)
+	TODO: check
+CVE-2025-0189 (In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable t ...)
+	TODO: check
+CVE-2025-0188 (A Server-Side Request Forgery (SSRF) vulnerability was discovered in g ...)
+	TODO: check
+CVE-2025-0187 (A Denial of Service (DoS) vulnerability was discovered in the file upl ...)
+	TODO: check
+CVE-2025-0185 (A vulnerability in the Dify Tools' Vanna module of the langgenius/dify ...)
+	TODO: check
+CVE-2025-0184 (A Server-Side Request Forgery (SSRF) vulnerability was identified in l ...)
+	TODO: check
+CVE-2025-0183 (A stored cross-site scripting (XSS) vulnerability exists in the Latex  ...)
+	TODO: check
+CVE-2025-0182 (A vulnerability in danswer-ai/danswer version 0.9.0 allows for denial  ...)
+	TODO: check
+CVE-2024-9920 (In version v12 of parisneo/lollms-webui, the 'Send file to AL' functio ...)
+	TODO: check
+CVE-2024-9919 (A missing authentication check in the uninstall endpoint of parisneo/l ...)
+	TODO: check
+CVE-2024-9901 (LocalAI version v2.19.4 (af0545834fd565ab56af0b9348550ca9c3cb5349) con ...)
+	TODO: check
+CVE-2024-9900 (mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) v ...)
+	TODO: check
+CVE-2024-9880 (A command injection vulnerability exists in the `pandas.DataFrame.quer ...)
+	TODO: check
+CVE-2024-9847 (FlatPress CMS version latest is vulnerable to Cross-Site Request Forge ...)
+	TODO: check
+CVE-2024-9840 (A Denial of Service (DoS) vulnerability exists in open-webui/open-webu ...)
+	TODO: check
+CVE-2024-9701 (A Remote Code Execution (RCE) vulnerability has been identified in the ...)
+	TODO: check
+CVE-2024-9699 (A vulnerability in the file upload functionality of the FlatPress CMS  ...)
+	TODO: check
+CVE-2024-9617 (An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker ...)
+	TODO: check
+CVE-2024-9612 (In danswer-ai/danswer v0.3.94, administrators can set the visibility o ...)
+	TODO: check
+CVE-2024-9606 (In berriai/litellm before version 1.44.12, the `litellm/litellm_core_u ...)
+	TODO: check
+CVE-2024-9597 (A Path Traversal vulnerability exists in the `/wipe_database` endpoint ...)
+	TODO: check
+CVE-2024-9447 (An information disclosure vulnerability exists in the latest version o ...)
+	TODO: check
+CVE-2024-9439 (SuperAGI is vulnerable to remote code execution in the latest version. ...)
+	TODO: check
+CVE-2024-9437 (SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of ...)
+	TODO: check
+CVE-2024-9431 (In version v0.0.14 of transformeroptimus/superagi, there is an imprope ...)
+	TODO: check
+CVE-2024-9418 (In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/a ...)
+	TODO: check
+CVE-2024-9415 (A Path Traversal vulnerability exists in the file upload functionality ...)
+	TODO: check
+CVE-2024-9365 (A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon ...)
+	TODO: check
+CVE-2024-9363 (An unauthorized file deletion vulnerability exists in the latest versi ...)
+	TODO: check
+CVE-2024-9362 (An unauthenticated directory traversal vulnerability exists in Polyaxo ...)
+	TODO: check
+CVE-2024-9340 (A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66 ...)
+	TODO: check
+CVE-2024-9311 (A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava ...)
+	TODO: check
+CVE-2024-9309 (A Server-Side Request Forgery (SSRF) vulnerability exists in the POST  ...)
+	TODO: check
+CVE-2024-9308 (An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LL ...)
+	TODO: check
+CVE-2024-9229 (A Denial of Service (DoS) vulnerability in the file upload feature of  ...)
+	TODO: check
+CVE-2024-9216 (An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuCh ...)
+	TODO: check
+CVE-2024-9159 (An incorrect authorization vulnerability exists in gaizhenbiao/chuanhu ...)
+	TODO: check
+CVE-2024-9107 (A stored cross-site scripting (XSS) vulnerability exists in the gaizhe ...)
+	TODO: check
+CVE-2024-9099 (In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint ex ...)
+	TODO: check
+CVE-2024-9098 (In lunary-ai/lunary before version 1.4.30, a privilege escalation vuln ...)
+	TODO: check
+CVE-2024-9096 (In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows l ...)
+	TODO: check
+CVE-2024-9095 (In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks pro ...)
+	TODO: check
+CVE-2024-9070 (A deserialization vulnerability exists in BentoML's runner server in b ...)
+	TODO: check
+CVE-2024-9056 (BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) ...)
+	TODO: check
+CVE-2024-9053 (vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncE ...)
+	TODO: check
+CVE-2024-9052 (vllm-project vllm version 0.6.0 contains a vulnerability in the distri ...)
+	TODO: check
+CVE-2024-9016 (man-group dtale version <= 3.13.1 contains a vulnerability where the q ...)
+	TODO: check
+CVE-2024-9000 (In lunary-ai/lunary before version 1.4.26, the checklists.post() endpo ...)
+	TODO: check
+CVE-2024-8999 (lunary-ai/lunary version v1.4.25 contains an improper access control v ...)
+	TODO: check
+CVE-2024-8998 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...)
+	TODO: check
+CVE-2024-8984 (A Denial of Service (DoS) vulnerability exists in berriai/litellm vers ...)
+	TODO: check
+CVE-2024-8982 (A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 a ...)
+	TODO: check
+CVE-2024-8966 (A vulnerability in the file upload process of gradio-app/gradio versio ...)
+	TODO: check
+CVE-2024-8958 (In composiohq/composio version 0.4.3, there is an unrestricted file wr ...)
+	TODO: check
+CVE-2024-8955 (A Server-Side Request Forgery (SSRF) vulnerability exists in composioh ...)
+	TODO: check
+CVE-2024-8954 (In composiohq/composio version 0.5.10, the API does not validate the ` ...)
+	TODO: check
+CVE-2024-8953 (In composiohq/composio version 0.4.3, the mathematical_calculator endp ...)
+	TODO: check
+CVE-2024-8952 (A Server-Side Request Forgery (SSRF) vulnerability exists in composioh ...)
+	TODO: check
+CVE-2024-8898 (A path traversal vulnerability exists in the `install` and `uninstall` ...)
+	TODO: check
+CVE-2024-8859 (A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. ...)
+	TODO: check
+CVE-2024-8789 (Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expres ...)
+	TODO: check
+CVE-2024-8769 (A vulnerability in the `LockManager.release_locks` function in aimhubi ...)
+	TODO: check
+CVE-2024-8765 (In lunary-ai/lunary, the privilege check mechanism is flawed in versio ...)
+	TODO: check
+CVE-2024-8764 (A vulnerability in lunary-ai/lunary, as of commit be54057, allows user ...)
+	TODO: check
+CVE-2024-8763 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...)
+	TODO: check
+CVE-2024-8736 (A Denial of Service (DoS) vulnerability exists in multiple file upload ...)
+	TODO: check
+CVE-2024-8616 (In h2oai/h2o-3 version 3.46.0, the `/99/Models/{name}/json` endpoint a ...)
+	TODO: check
+CVE-2024-8613 (A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows  ...)
+	TODO: check
+CVE-2024-8581 (A vulnerability in the `upload_app` function of parisneo/lollms-webui  ...)
+	TODO: check
+CVE-2024-8556 (A stored cross-site scripting (XSS) vulnerability exists in modelscope ...)
+	TODO: check
+CVE-2024-8551 (A path traversal vulnerability exists in the save-workflow and load-wo ...)
+	TODO: check
+CVE-2024-8537 (A path traversal vulnerability exists in the modelscope/agentscope app ...)
+	TODO: check
+CVE-2024-8524 (A directory traversal vulnerability exists in modelscope/agentscope ve ...)
+	TODO: check
+CVE-2024-8502 (A vulnerability in the RpcAgentServerLauncher class of modelscope/agen ...)
+	TODO: check
+CVE-2024-8501 (An arbitrary file download vulnerability exists in the rpc_agent_clien ...)
+	TODO: check
+CVE-2024-8489 (A vulnerability in modelscope/agentscope, specifically in the AgentSco ...)
+	TODO: check
+CVE-2024-8487 (A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelsc ...)
+	TODO: check
+CVE-2024-8438 (A path traversal vulnerability exists in modelscope/agentscope version ...)
+	TODO: check
+CVE-2024-8400 (A stored cross-site scripting (XSS) vulnerability exists in the latest ...)
+	TODO: check
+CVE-2024-8251 (A vulnerability in mintplex-labs/anything-llm prior to version 1.2.2 a ...)
+	TODO: check
+CVE-2024-8249 (mintplex-labs/anything-llm version git 6dc3642 contains an unauthentic ...)
+	TODO: check
+CVE-2024-8248 (A vulnerability in the normalizePath function in mintplex-labs/anythin ...)
+	TODO: check
+CVE-2024-8238 (In version 3.22.0 of aimhubio/aim, the AimQL query language uses an ou ...)
+	TODO: check
+CVE-2024-8196 (In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the ...)
+	TODO: check
+CVE-2024-8183 (A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/p ...)
+	TODO: check
+CVE-2024-8156 (A command injection vulnerability exists in the workflow-checker.yml w ...)
+	TODO: check
+CVE-2024-8101 (A stored cross-site scripting (XSS) vulnerability exists in the Text E ...)
+	TODO: check
+CVE-2024-8099 (A Server-Side Request Forgery (SSRF) vulnerability exists in the lates ...)
+	TODO: check
+CVE-2024-8065 (A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of ...)
+	TODO: check
+CVE-2024-8063 (A divide by zero vulnerability exists in ollama/ollama version v0.3.3. ...)
+	TODO: check
+CVE-2024-8062 (A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46. ...)
+	TODO: check
+CVE-2024-8061 (In version 3.23.0 of aimhubio/aim, certain methods that request data f ...)
+	TODO: check
+CVE-2024-8060 (OpenWebUI version 0.3.0 contains a vulnerability in the audio API endp ...)
+	TODO: check
+CVE-2024-8057 (In version 0.4.1 of danswer-ai/danswer, a vulnerability exists where a ...)
+	TODO: check
+CVE-2024-8055 (Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in  ...)
+	TODO: check
+CVE-2024-8053 (In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` en ...)
+	TODO: check
+CVE-2024-8029 (An XSS vulnerability was discovered in the upload file(s) process of i ...)
+	TODO: check
+CVE-2024-8028 (A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to ca ...)
+	TODO: check
+CVE-2024-8027 (A stored Cross-Site Scripting (XSS) vulnerability exists in netease-yo ...)
+	TODO: check
+CVE-2024-8026 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the backen ...)
+	TODO: check
+CVE-2024-8024 (A CORS misconfiguration vulnerability exists in netease-youdao/qanythi ...)
+	TODO: check
+CVE-2024-8021 (An open redirect vulnerability exists in the latest version of gradio- ...)
+	TODO: check
+CVE-2024-8020 (A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows ...)
+	TODO: check
+CVE-2024-8019 (In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exist ...)
+	TODO: check
+CVE-2024-8018 (A vulnerability in imartinez/privategpt version 0.5.0 allows for a Den ...)
+	TODO: check
+CVE-2024-8017 (An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8 ...)
+	TODO: check
+CVE-2024-7999 (A vulnerability in open-webui/open-webui version 79778fa allows an att ...)
+	TODO: check
+CVE-2024-7990 (A stored cross-site scripting (XSS) vulnerability exists in open-webui ...)
+	TODO: check
+CVE-2024-7983 (In version 0.3.8 of open-webui, an endpoint for converting markdown to ...)
+	TODO: check
+CVE-2024-7959 (The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 i ...)
+	TODO: check
+CVE-2024-7957 (An arbitrary file overwrite vulnerability exists in the ZulipConnector ...)
+	TODO: check
+CVE-2024-7819 (A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows attackers  ...)
+	TODO: check
+CVE-2024-7806 (A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remo ...)
+	TODO: check
+CVE-2024-7804 (A deserialization vulnerability exists in the Pytorch RPC framework (t ...)
+	TODO: check
+CVE-2024-7779 (A vulnerability in danswer-ai/danswer version 1 allows an attacker to  ...)
+	TODO: check
+CVE-2024-7776 (A vulnerability in the `download_model` function of the onnx/onnx fram ...)
+	TODO: check
+CVE-2024-7773 (A vulnerability in ollama/ollama version 0.1.37 allows for remote code ...)
+	TODO: check
+CVE-2024-7771 (A vulnerability in the Dockerized version of mintplex-labs/anything-ll ...)
+	TODO: check
+CVE-2024-7768 (A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 versio ...)
+	TODO: check
+CVE-2024-7767 (An improper access control vulnerability exists in danswer-ai/danswer  ...)
+	TODO: check
+CVE-2024-7765 (In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploadin ...)
+	TODO: check
+CVE-2024-7764 (Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient pro ...)
+	TODO: check
+CVE-2024-7760 (aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSR ...)
+	TODO: check
+CVE-2024-7598 (A security issue was discovered in Kubernetes where a malicious or com ...)
+	TODO: check
+CVE-2024-7476 (A broken access control vulnerability exists in lunary-ai/lunary versi ...)
+	TODO: check
+CVE-2024-7058 (A vulnerability in the sanitize_path function in parisneo/lollms-webui ...)
+	TODO: check
+CVE-2024-7053 (A vulnerability in open-webui/open-webui version 0.3.8 allows an attac ...)
+	TODO: check
+CVE-2024-7046 (An improper access control vulnerability in open-webui/open-webui v0.3 ...)
+	TODO: check
+CVE-2024-7045 (In version v0.3.8 of open-webui/open-webui, improper access control vu ...)
+	TODO: check
+CVE-2024-7044 (A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat f ...)
+	TODO: check
+CVE-2024-7043 (An improper access control vulnerability in open-webui/open-webui v0.3 ...)
+	TODO: check
+CVE-2024-7040 (In version v0.3.8 of open-webui/open-webui, there is an improper acces ...)
+	TODO: check
+CVE-2024-7039 (In open-webui/open-webui version v0.3.8, there is an improper privileg ...)
+	TODO: check
+CVE-2024-7036 (A vulnerability in open-webui/open-webui v0.3.8 allows an unauthentica ...)
+	TODO: check
+CVE-2024-7035 (In version v0.3.8 of open-webui/open-webui, sensitive actions such as  ...)
+	TODO: check
+CVE-2024-7034 (In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerab ...)
+	TODO: check
+CVE-2024-7033 (In version 0.3.8 of open-webui/open-webui, an arbitrary file write vul ...)
+	TODO: check
+CVE-2024-6986 (A Cross-site Scripting (XSS) vulnerability exists in the Settings page ...)
+	TODO: check
+CVE-2024-6982 (A remote code execution vulnerability exists in the Calculate function ...)
+	TODO: check
+CVE-2024-6866 (corydolphin/flask-cors version 4.01 contains a vulnerability where the ...)
+	TODO: check
+CVE-2024-6863 (In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom Encryptio ...)
+	TODO: check
+CVE-2024-6854 (In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does  ...)
+	TODO: check
+CVE-2024-6851 (In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup funct ...)
+	TODO: check
+CVE-2024-6844 (A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inc ...)
+	TODO: check
+CVE-2024-6842 (In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-complete`  ...)
+	TODO: check
+CVE-2024-6841 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest ...)
+	TODO: check
+CVE-2024-6839 (corydolphin/flask-cors version 4.0.1 contains an improper regex path m ...)
+	TODO: check
+CVE-2024-6838 (In mlflow/mlflow version v2.13.2, a vulnerability exists that allows t ...)
+	TODO: check
+CVE-2024-6829 (A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to e ...)
+	TODO: check
+CVE-2024-6827 (Gunicorn version 21.2.0 does not properly validate the value of the 'T ...)
+	TODO: check
+CVE-2024-6825 (BerriAI/litellm version 1.40.12 contains a vulnerability that allows r ...)
+	TODO: check
+CVE-2024-6583 (A path traversal vulnerability exists in the latest version of stangir ...)
+	TODO: check
+CVE-2024-6577 (In the latest version of pytorch/serve, the script 'upload_results_to_ ...)
+	TODO: check
+CVE-2024-6483 (A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim ve ...)
+	TODO: check
+CVE-2024-5752 (A path traversal vulnerability exists in stitionai/devika, specificall ...)
+	TODO: check
+CVE-2024-57440 (D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflo ...)
+	TODO: check
+CVE-2024-4990 (In yiisoft/yii2 version 2.0.48, the base Component class contains a vu ...)
+	TODO: check
+CVE-2024-4023 (A stored cross-site scripting (XSS) vulnerability exists in flatpressb ...)
+	TODO: check
+CVE-2024-48591 (Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS) ...)
+	TODO: check
+CVE-2024-48590 (Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forger ...)
+	TODO: check
+CVE-2024-2292 (Due to a lack of access control, unauthorized users are able to view a ...)
+	TODO: check
+CVE-2024-13923 (The Order Export & Order Import for WooCommerce plugin for WordPress i ...)
+	TODO: check
+CVE-2024-13922 (The Order Export & Order Import for WooCommerce plugin for WordPress i ...)
+	TODO: check
+CVE-2024-13921 (The Order Export & Order Import for WooCommerce plugin for WordPress i ...)
+	TODO: check
+CVE-2024-13920 (The Order Export & Order Import for WooCommerce plugin for WordPress i ...)
+	TODO: check
+CVE-2024-13558 (The NP Quote Request for WooCommerce plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2024-13060 (A vulnerability in AnythingLLM Docker version 1.3.1 allows users with  ...)
+	TODO: check
+CVE-2024-12911 (A vulnerability in the `default_jsonalyzer` function of the `JSONalyze ...)
+	TODO: check
+CVE-2024-12910 (A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama ...)
+	TODO: check
+CVE-2024-12909 (A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_ind ...)
+	TODO: check
+CVE-2024-12886 (An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server ver ...)
+	TODO: check
+CVE-2024-12882 (comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server- ...)
+	TODO: check
+CVE-2024-12880 (A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows fo ...)
+	TODO: check
+CVE-2024-12871 (An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an at ...)
+	TODO: check
+CVE-2024-12870 (A stored cross-site scripting (XSS) vulnerability exists in infiniflow ...)
+	TODO: check
+CVE-2024-12869 (In infiniflow/ragflow version v0.12.0, there is an improper authentica ...)
+	TODO: check
+CVE-2024-12868 (In version 0.3.32 of open-webui, the application uses a vulnerable ver ...)
+	TODO: check
+CVE-2024-12866 (A local file inclusion vulnerability exists in netease-youdao/qanythin ...)
+	TODO: check
+CVE-2024-12864 (A Denial of Service (DoS) vulnerability was discovered in the file upl ...)
+	TODO: check
+CVE-2024-12779 (A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflo ...)
+	TODO: check
+CVE-2024-12778 (A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of  ...)
+	TODO: check
+CVE-2024-12777 (A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of  ...)
+	TODO: check
+CVE-2024-12776 (In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint doe ...)
+	TODO: check
+CVE-2024-12775 (langgenius/dify version 0.10.1 contains a Server-Side Request Forgery  ...)
+	TODO: check
+CVE-2024-12766 (parisneo/lollms-webui version V13 (feather) suffers from a Server-Side ...)
+	TODO: check
+CVE-2024-12761 (A Denial of Service (DoS) vulnerability exists in the brycedrennan/ima ...)
+	TODO: check
+CVE-2024-12760 (An open redirect vulnerability in bentoml/bentoml v1.3.9 allows a remo ...)
+	TODO: check
+CVE-2024-12759 (In bentoml/bentoml version 1.3.9, the `/login` endpoint of the newly i ...)
+	TODO: check
+CVE-2024-12720 (A Regular Expression Denial of Service (ReDoS) vulnerability was ident ...)
+	TODO: check
+CVE-2024-12704 (A vulnerability in the LangChainLLM class of the run-llama/llama_index ...)
+	TODO: check
+CVE-2024-12580 (A vulnerability in danny-avila/librechat prior to version 0.7.6 allows ...)
+	TODO: check
+CVE-2024-12537 (In version 0.3.32 of open-webui/open-webui, the absence of authenticat ...)
+	TODO: check
+CVE-2024-12534 (In version v0.3.32 of open-webui/open-webui, the application allows us ...)
+	TODO: check
+CVE-2024-12450 (In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `do ...)
+	TODO: check
+CVE-2024-12433 (A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remo ...)
+	TODO: check
+CVE-2024-12392 (A Server-Side Request Forgery (SSRF) vulnerability exists in binary-hu ...)
+	TODO: check
+CVE-2024-12391 (A vulnerability in binary-husky/gpt_academic, as of commit 310122f, al ...)
+	TODO: check
+CVE-2024-12390 (A vulnerability in binary-husky/gpt_academic version git 310122f allow ...)
+	TODO: check
+CVE-2024-12389 (A path traversal vulnerability exists in binary-husky/gpt_academic ver ...)
+	TODO: check
+CVE-2024-12388 (A vulnerability in binary-husky/gpt_academic version 310122f allows fo ...)
+	TODO: check
+CVE-2024-12387 (A vulnerability in the binary-husky/gpt_academic repository, as of com ...)
+	TODO: check
+CVE-2024-12376 (A Server-Side Request Forgery (SSRF) vulnerability was identified in t ...)
+	TODO: check
+CVE-2024-12375 (A local file inclusion vulnerability was identified in automatic1111/s ...)
+	TODO: check
+CVE-2024-12374 (A stored cross-site scripting (XSS) vulnerability exists in automatic1 ...)
+	TODO: check
+CVE-2024-12217 (A vulnerability in the gradio-app/gradio repository, version git 67e40 ...)
+	TODO: check
+CVE-2024-12216 (A vulnerability in the `ImageClassificationDataset.from_csv()` API of  ...)
+	TODO: check
+CVE-2024-12215 (In kedro-org/kedro version 0.19.8, the `pull_package()` API function a ...)
+	TODO: check
+CVE-2024-12074 (A Denial of Service (DoS) vulnerability was discovered in the file upl ...)
+	TODO: check
+CVE-2024-12070 (A Denial of Service (DoS) vulnerability exists in the file upload feat ...)
+	TODO: check
+CVE-2024-12068 (A Server-Side Request Forgery (SSRF) vulnerability was discovered in h ...)
+	TODO: check
+CVE-2024-12065 (A local file inclusion vulnerability exists in haotian-liu/llava at co ...)
+	TODO: check
+CVE-2024-12063 (A Denial of Service (DoS) vulnerability exists in the file upload feat ...)
+	TODO: check
+CVE-2024-12055 (A vulnerability in Ollama versions <=0.3.14 allows a malicious user to ...)
+	TODO: check
+CVE-2024-12048 (An IDOR (Insecure Direct Object Reference) vulnerability exists in tra ...)
+	TODO: check
+CVE-2024-12044 (A remote code execution vulnerability exists in open-mmlab/mmdetection ...)
+	TODO: check
+CVE-2024-12039 (langgenius/dify version v0.10.1 contains a vulnerability where there a ...)
+	TODO: check
+CVE-2024-12029 (A remote code execution vulnerability exists in invoke-ai/invokeai ver ...)
+	TODO: check
+CVE-2024-11958 (A SQL injection vulnerability exists in the `duckdb_retriever` compone ...)
+	TODO: check
+CVE-2024-11850 (A stored cross-site scripting (XSS) vulnerability exists in the latest ...)
+	TODO: check
+CVE-2024-11824 (A stored cross-site scripting (XSS) vulnerability exists in langgenius ...)
+	TODO: check
+CVE-2024-11822 (langgenius/dify version 0.9.1 contains a Server-Side Request Forgery ( ...)
+	TODO: check
+CVE-2024-11821 (A privilege escalation vulnerability exists in langgenius/dify version ...)
+	TODO: check
+CVE-2024-11603 (A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fa ...)
+	TODO: check
+CVE-2024-11602 (A Cross-Origin Resource Sharing (CORS) vulnerability exists in feast-d ...)
+	TODO: check
+CVE-2024-11449 (A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows  ...)
+	TODO: check
+CVE-2024-11441 (A stored cross-site scripting (XSS) vulnerability exists in Serge vers ...)
+	TODO: check
+CVE-2024-11302 (A missing check_access() function in the lollms_binding_infos module o ...)
+	TODO: check
+CVE-2024-11301 (In lunary-ai/lunary before version 1.6.3, the application allows the c ...)
+	TODO: check
+CVE-2024-11300 (In lunary-ai/lunary before version 1.6.3, an improper access control v ...)
+	TODO: check
+CVE-2024-11173 (An unhandled exception in the danny-avila/librechat repository, versio ...)
+	TODO: check
+CVE-2024-11172 (A vulnerability in danny-avila/librechat version git a1647d7 allows an ...)
+	TODO: check
+CVE-2024-11171 (In danny-avila/librechat version git 0c2a583, there is an improper inp ...)
+	TODO: check
+CVE-2024-11170 (A vulnerability in danny-avila/librechat version git 81f2936 allows fo ...)
+	TODO: check
+CVE-2024-11169 (An unhandled exception in danny-avila/librechat version 3c94ff2 can le ...)
+	TODO: check
+CVE-2024-11167 (An improper access control vulnerability in danny-avila/librechat vers ...)
+	TODO: check
+CVE-2024-11137 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...)
+	TODO: check
+CVE-2024-11045 (A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic111 ...)
+	TODO: check
+CVE-2024-11044 (An open redirect vulnerability in automatic1111/stable-diffusion-webui ...)
+	TODO: check
+CVE-2024-11043 (A Denial of Service (DoS) vulnerability was discovered in the /api/v1/ ...)
+	TODO: check
+CVE-2024-11042 (In invoke-ai/invokeai version v5.0.2, the web API `POST /api/v1/images ...)
+	TODO: check
+CVE-2024-11041 (vllm-project vllm version v0.6.2 contains a vulnerability in the Messa ...)
+	TODO: check
+CVE-2024-11040 (vllm-project vllm version 0.5.2.2 is vulnerable to Denial of Service a ...)
+	TODO: check
+CVE-2024-11039 (A pickle deserialization vulnerability exists in the Latex English err ...)
+	TODO: check
+CVE-2024-11037 (A path traversal vulnerability exists in binary-husky/gpt_academic at  ...)
+	TODO: check
+CVE-2024-11033 (A Denial of Service (DoS) vulnerability exists in the file upload feat ...)
+	TODO: check
+CVE-2024-11031 (In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Fo ...)
+	TODO: check
+CVE-2024-11030 (GPT Academic version 3.83 is vulnerable to a Server-Side Request Forge ...)
+	TODO: check
+CVE-2024-10986 (GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vul ...)
+	TODO: check
+CVE-2024-10956 (GPT Academy version 3.83 in the binary-husky/gpt_academic repository i ...)
+	TODO: check
+CVE-2024-10955 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...)
+	TODO: check
+CVE-2024-10954 (In the `manim` plugin of binary-husky/gpt_academic, versions prior to  ...)
+	TODO: check
+CVE-2024-10950 (In binary-husky/gpt_academic version <= 3.83, the plugin `CodeInterpre ...)
+	TODO: check
+CVE-2024-10948 (A vulnerability in the upload function of binary-husky/gpt_academic al ...)
+	TODO: check
+CVE-2024-10940 (A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,< ...)
+	TODO: check
+CVE-2024-10935 (automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnera ...)
+	TODO: check
+CVE-2024-10912 (A Denial of Service (DoS) vulnerability exists in the file upload feat ...)
+	TODO: check
+CVE-2024-10908 (An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allo ...)
+	TODO: check
+CVE-2024-10907 (In lm-sys/fastchat Release v0.2.36, the server fails to handle excessi ...)
+	TODO: check
+CVE-2024-10906 (In version 0.6.0 of eosphoros-ai/db-gpt, the `uvicorn` app created by  ...)
+	TODO: check
+CVE-2024-10902 (In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/ ...)
+	TODO: check
+CVE-2024-10901 (In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/edito ...)
+	TODO: check
+CVE-2024-10835 (In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/edito ...)
+	TODO: check
+CVE-2024-10834 (eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG- ...)
+	TODO: check
+CVE-2024-10833 (eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file w ...)
+	TODO: check
+CVE-2024-10831 (In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files ...)
+	TODO: check
+CVE-2024-10830 (A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt versi ...)
+	TODO: check
+CVE-2024-10829 (A Denial of Service (DoS) vulnerability in the multipart request bound ...)
+	TODO: check
+CVE-2024-10821 (A Denial of Service (DoS) vulnerability in the multipart request bound ...)
+	TODO: check
+CVE-2024-10819 (A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of b ...)
+	TODO: check
+CVE-2024-10812 (An open redirect vulnerability exists in binary-husky/gpt_academic ver ...)
+	TODO: check
+CVE-2024-10762 (In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint ...)
+	TODO: check
+CVE-2024-10727 (A reflected cross-site scripting (XSS) vulnerability exists in phpipam ...)
+	TODO: check
+CVE-2024-10725 (A stored cross-site scripting (XSS) vulnerability exists in phpipam/ph ...)
+	TODO: check
+CVE-2024-10724 (A stored cross-site scripting (XSS) vulnerability exists in phpipam/ph ...)
+	TODO: check
+CVE-2024-10723 (A stored cross-site scripting (XSS) vulnerability was discovered in ph ...)
+	TODO: check
+CVE-2024-10722 (A stored cross-site scripting (XSS) vulnerability exists in phpipam/ph ...)
+	TODO: check
+CVE-2024-10721 (A stored cross-site scripting (XSS) vulnerability was discovered in ph ...)
+	TODO: check
+CVE-2024-10720 (A stored cross-site scripting (XSS) vulnerability exists in phpipam/ph ...)
+	TODO: check
+CVE-2024-10719 (A stored cross-site scripting (XSS) vulnerability exists in phpipam ve ...)
+	TODO: check
+CVE-2024-10718 (In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive c ...)
+	TODO: check
+CVE-2024-10714 (A vulnerability in binary-husky/gpt_academic version 3.83 allows an at ...)
+	TODO: check
+CVE-2024-10713 (A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Ser ...)
+	TODO: check
+CVE-2024-10707 (gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local  ...)
+	TODO: check
+CVE-2024-10650 (An unauthenticated Denial of Service (DoS) vulnerability was identifie ...)
+	TODO: check
+CVE-2024-10648 (A path traversal vulnerability exists in the Gradio Audio component of ...)
+	TODO: check
+CVE-2024-10624 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...)
+	TODO: check
+CVE-2024-10572 (In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classe ...)
+	TODO: check
+CVE-2024-10569 (A vulnerability in the dataframe component of gradio-app/gradio (versi ...)
+	TODO: check
+CVE-2024-10553 (A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows u ...)
+	TODO: check
+CVE-2024-10550 (A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version ...)
+	TODO: check
+CVE-2024-10549 (A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46 ...)
+	TODO: check
+CVE-2024-10513 (A path traversal vulnerability exists in the 'document uploads manager ...)
+	TODO: check
+CVE-2024-10481 (A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v ...)
+	TODO: check
+CVE-2024-10457 (Multiple Server-Side Request Forgery (SSRF) vulnerabilities were ident ...)
+	TODO: check
+CVE-2024-10366 (An improper access control vulnerability (IDOR) exists in the delete a ...)
+	TODO: check
+CVE-2024-10363 (In version 0.7.5 of danny-avila/LibreChat, there is an improper access ...)
+	TODO: check
+CVE-2024-10361 (An arbitrary file deletion vulnerability exists in danny-avila/librech ...)
+	TODO: check
+CVE-2024-10359 (In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in ...)
+	TODO: check
+CVE-2024-10330 (In lunary-ai/lunary version 1.5.6, the `/v1/evaluators/` endpoint lack ...)
+	TODO: check
+CVE-2024-10275 (In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where adm ...)
+	TODO: check
+CVE-2024-10274 (An improper authorization vulnerability exists in lunary-ai/lunary ver ...)
+	TODO: check
+CVE-2024-10273 (In lunary-ai/lunary v1.5.0, improper privilege management in the model ...)
+	TODO: check
+CVE-2024-10272 (lunary-ai/lunary is vulnerable to broken access control in the latest  ...)
+	TODO: check
+CVE-2024-10267 (An information disclosure vulnerability exists in the latest version o ...)
+	TODO: check
+CVE-2024-10264 (HTTP Request Smuggling vulnerability in netease-youdao/qanything versi ...)
+	TODO: check
+CVE-2024-10252 (A vulnerability in langgenius/dify versions <=v0.9.1 allows for code i ...)
+	TODO: check
+CVE-2024-10225 (A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to caus ...)
+	TODO: check
+CVE-2024-10190 (Horovod versions up to and including v0.28.1 are vulnerable to unauthe ...)
+	TODO: check
+CVE-2024-10188 (A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unaut ...)
+	TODO: check
+CVE-2024-10110 (In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object  ...)
+	TODO: check
+CVE-2024-10109 (A vulnerability in the mintplex-labs/anything-llm repository, as of co ...)
+	TODO: check
+CVE-2024-10096 (Dask versions <=2024.8.2 contain a vulnerability in the Dask Distribut ...)
+	TODO: check
+CVE-2024-10051 (Realchar version v0.0.4 is vulnerable to an unauthenticated denial of  ...)
+	TODO: check
+CVE-2024-10047 (parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a  ...)
+	TODO: check
+CVE-2024-10019 (A vulnerability in the `start_app_server` function of parisneo/lollms- ...)
+	TODO: check
+CVE-2024-0640 (A stored cross-site scripting (XSS) vulnerability exists in chatwoot/c ...)
+	TODO: check
+CVE-2024-0245 (A misconfiguration in the AndroidManifest.xml file in hamza417/inure b ...)
+	TODO: check
 CVE-2025-30259 (The WhatsApp cloud service before late 2024 did not block certain craf ...)
 	NOT-FOR-US: WhatsApp
 CVE-2025-30092 (Intrexx Portal Server 12.x <= 12.0.2 and 11.x <= 11.9.2 allows XSS in  ...)
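Review bot: every entry added in this stretch of the hunk, from CVE-2024-11602 down to CVE-2024-0245, lands with only "TODO: check", so none of them is yet mapped to a source package or marked NOT-FOR-US. Many share an upstream (binary-husky/gpt_academic, danny-avila/librechat, lunary-ai/lunary, eosphoros-ai/db-gpt, phpipam/phpipam, h2oai/h2o-3) and can be triaged per project in one pass. Entries naming libraries rather than hosted web applications, such as Dask (CVE-2024-10096), langchain-core (CVE-2024-10940) and gradio-app/gradio (CVE-2024-10569), are the ones to check against the archive first. The truncated descriptions often stop before the affected version, so triage needs the full CVE text rather than this line.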
@@ -165,11 +909,11 @@ CVE-2024-12137 (Authentication Bypass by Capture-replay vulnerability in Elfatek
 	NOT-FOR-US: Elfatek Elektronics
 CVE-2024-12136 (Missing Critical Step in Authentication vulnerability in Elfatek Elekt ...)
 	NOT-FOR-US: Elfatek Elektronics
-CVE-2025-27888
+CVE-2025-27888 (Severity: medium (5.8) / important  Server-Side Request Forgery (SSRF) ...)
 	- druid <itp> (bug #825797)
-CVE-2024-54016
+CVE-2024-54016 (Improper Handling of Highly Compressed Data (Data Amplification) vulne ...)
 	NOT-FOR-US: Apache Seata
-CVE-2024-47552
+CVE-2024-47552 (Deserialization of Untrusted Data vulnerability in Apache Seata (incub ...)
 	NOT-FOR-US: Apache Seata
 CVE-2025-27018 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Apache Airflow MySQL Provider
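Review bot: the description synced for CVE-2025-27888 opens with a severity preamble ("Severity: medium (5.8) / important  Server-Side Request Forgery (SSRF) ..."), which uses up the truncated summary before any product name appears. The "- druid <itp> (bug #825797)" line is then the only thing in the entry that identifies the affected software, so a search of the list by description will not find it under the product name. The same applies to CVE-2024-54016, whose visible text ends before the product, while CVE-2024-47552 does show "Apache Seata" and matches its NOT-FOR-US line.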
@@ -1092,35 +1836,35 @@ CVE-2024-11235
 	- php8.4 8.4.5-1
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477
 CVE-2025-1861
-	{DSA-5878-1}
+	{DSA-5878-1 DLA-4088-1}
 	- php8.4 8.4.5-1
 	- php8.2 <unfixed>
 	- php7.4 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff
 	NOTE: Fixed by: https://github.com/php/php-src/commit/ac1a054bb3eb5994a199e8b18cca28cbabf5943e (php-8.1.32)
 CVE-2025-1736
-	{DSA-5878-1}
+	{DSA-5878-1 DLA-4088-1}
 	- php8.4 8.4.5-1
 	- php8.2 <unfixed>
 	- php7.4 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528
 	NOTE: Fixed by: https://github.com/php/php-src/commit/41d49abbd99dab06cdae4834db664435f8177174 (php-8.1.32)
 CVE-2025-1734
-	{DSA-5878-1}
+	{DSA-5878-1 DLA-4088-1}
 	- php8.4 8.4.5-1
 	- php8.2 <unfixed>
 	- php7.4 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44
 	NOTE: Fixed by: https://github.com/php/php-src/commit/0548c4c1756724a89ef8310709419b08aadb2b3b (php-8.1.32)
 CVE-2025-1219
-	{DSA-5878-1}
+	{DSA-5878-1 DLA-4088-1}
 	- php8.4 8.4.5-1
 	- php8.2 <unfixed>
 	- php7.4 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc
 	NOTE: Fixed by: https://github.com/php/php-src/commit/b6004a043c16b211d462218fbb3f72db68ec2b18 (php-8.1.32)
 CVE-2025-1217
-	{DSA-5878-1}
+	{DSA-5878-1 DLA-4088-1}
 	- php8.4 8.4.5-1
 	- php8.2 <unfixed>
 	- php7.4 <removed>
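Review bot: DLA-4088-1 is added next to DSA-5878-1 on CVE-2025-1861, CVE-2025-1736, CVE-2025-1734, CVE-2025-1219 and CVE-2025-1217, but each of those entries still reads "- php8.2 <unfixed>", so the php8.2 line stays open while both advisories are referenced. The "Fixed by" notes name php-8.1.32 commits only. Recording the fixed php8.2 version once one exists would let these entries be closed instead of relying on the advisory tags alone.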
@@ -3558,7 +4302,7 @@ CVE-2025-27510 (conda-forge-metadata provides programatic access to conda-forge'
 	NOT-FOR-US: conda-forge-metadata
 CVE-2025-26319 (FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file u ...)
 	NOT-FOR-US: FlowiseAI Flowise
-CVE-2025-26318 (Insecure permissions in TSplus Remote Access v17.30 allow attackers to ...)
+CVE-2025-26318 (hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote a ...)
 	NOT-FOR-US: TSplus Remote Access
 CVE-2025-26136 (A SQL injection vulnerability exists in mysiteforme versions prior to  ...)
 	NOT-FOR-US: mysiteforme
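Review bot: the replacement description for CVE-2025-26318 changes the stated scope, from "Insecure permissions in TSplus Remote Access v17.30" to "hb.exe in TSplus Remote Access before 17.30 2024-10-30", so the affected range now reads as builds before a dated 17.30 release rather than v17.30 itself. The "NOT-FOR-US: TSplus Remote Access" classification is unaffected and needs no change in this hunk.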
@@ -12499,7 +13243,7 @@ CVE-2025-24036 (Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2025-23403 (A vulnerability has been identified in SIMATIC IPC DiagBase (All versi ...)
 	NOT-FOR-US: Siemens
-CVE-2025-23363 (A vulnerability has been identified in Teamcenter (All versions). The  ...)
+CVE-2025-23363 (A vulnerability has been identified in Teamcenter V14.1 (All versions) ...)
 	NOT-FOR-US: Siemens
 CVE-2025-22467 (A stack-based buffer overflow in Ivanti Connect Secure before version  ...)
 	NOT-FOR-US: Ivanti
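Review bot: the new CVE-2025-23363 description replaces "Teamcenter (All versions)" with "Teamcenter V14.1 (All versions)", and the truncation cuts off whatever version lines follow, so the visible text reads as if only V14.1 were affected. The full CVE text should be consulted for the complete version list; the "NOT-FOR-US: Siemens" line is unchanged and still applies.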



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/141dcad772551d24cf1df22f19b5ceed5b4edb27
