Lucene search

K

Float Menu – Awesome Floating Side Menu Security Vulnerabilities

osv
osv

Server-Side Request Forgery in langchain

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....

4.8CVSS

7.5AI Score

0.0004EPSS

2024-06-06 09:30 PM
2
github
github

Server-Side Request Forgery in langchain

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....

4.8CVSS

5.6AI Score

0.0004EPSS

2024-06-06 09:30 PM
4
amazon
amazon

Medium: opensc

Issue Overview: A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. (CVE-2023-5992) Affected Packages: opensc Note: This advisory is applicable to Amazon Linux 2...

5.9CVSS

6.7AI Score

0.001EPSS

2024-06-06 08:17 PM
cve
cve

CVE-2024-5328

A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs before using them in server-side requests. An.....

8.6CVSS

6.9AI Score

0.0004EPSS

2024-06-06 07:16 PM
28
nvd
nvd

CVE-2024-5328

A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs before using them in server-side requests. An.....

8.6CVSS

0.0004EPSS

2024-06-06 07:16 PM
nvd
nvd

CVE-2024-5186

A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information....

8.3CVSS

0.0004EPSS

2024-06-06 07:16 PM
3
cve
cve

CVE-2024-5186

A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information....

8.3CVSS

6.9AI Score

0.0004EPSS

2024-06-06 07:16 PM
24
cve
cve

CVE-2024-4851

A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary...

7.7CVSS

7.4AI Score

0.0004EPSS

2024-06-06 07:16 PM
29
nvd
nvd

CVE-2024-4851

A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary...

7.7CVSS

0.0004EPSS

2024-06-06 07:16 PM
nvd
nvd

CVE-2024-3149

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by...

9.6CVSS

0.0004EPSS

2024-06-06 07:16 PM
1
osv
osv

CVE-2024-3149

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by...

9.6CVSS

6.9AI Score

0.0004EPSS

2024-06-06 07:16 PM
1
cve
cve

CVE-2024-3149

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by...

9.6CVSS

7.2AI Score

0.0004EPSS

2024-06-06 07:16 PM
28
cve
cve

CVE-2024-3095

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....

4.8CVSS

5.6AI Score

0.0004EPSS

2024-06-06 07:15 PM
24
nvd
nvd

CVE-2024-3095

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....

4.8CVSS

0.0004EPSS

2024-06-06 07:15 PM
cve
cve

CVE-2024-36735

OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is...

7.2AI Score

EPSS

2024-06-06 07:15 PM
26
nvd
nvd

CVE-2024-36735

OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is...

EPSS

2024-06-06 07:15 PM
1
vulnrichment
vulnrichment

CVE-2024-5328 SSRF Vulnerability in lunary-ai/lunary

A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs before using them in server-side requests. An.....

8.6CVSS

6.6AI Score

0.0004EPSS

2024-06-06 06:53 PM
cvelist
cvelist

CVE-2024-5328 SSRF Vulnerability in lunary-ai/lunary

A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs before using them in server-side requests. An.....

8.6CVSS

0.0004EPSS

2024-06-06 06:53 PM
cvelist
cvelist

CVE-2024-3149 SSRF in mintplex-labs/anything-llm

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by...

9.6CVSS

0.0004EPSS

2024-06-06 06:43 PM
cvelist
cvelist

CVE-2024-4851 SSRF Vulnerability in stangirard/quivr

A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary...

7.7CVSS

0.0004EPSS

2024-06-06 06:39 PM
2
osv
osv

Server-Side Request Forgery in gradio

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL,...

8.6CVSS

6.6AI Score

0.0004EPSS

2024-06-06 06:30 PM
2
github
github

Server-Side Request Forgery in gradio

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL,...

8.6CVSS

8.3AI Score

0.0004EPSS

2024-06-06 06:30 PM
1
cvelist
cvelist

CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....

4.8CVSS

0.0004EPSS

2024-06-06 06:28 PM
1
vulnrichment
vulnrichment

CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....

4.8CVSS

7.5AI Score

0.0004EPSS

2024-06-06 06:28 PM
vulnrichment
vulnrichment

CVE-2024-5186 Server Side Request Forgery (SSRF) in imartinez/privategpt

A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information....

8.3CVSS

6.7AI Score

0.0004EPSS

2024-06-06 06:19 PM
cvelist
cvelist

CVE-2024-5186 Server Side Request Forgery (SSRF) in imartinez/privategpt

A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information....

8.3CVSS

0.0004EPSS

2024-06-06 06:19 PM
2
nvd
nvd

CVE-2024-5482

A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary...

7.4CVSS

0.0004EPSS

2024-06-06 06:15 PM
cve
cve

CVE-2024-5482

A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary...

7.4CVSS

7.2AI Score

0.0004EPSS

2024-06-06 06:15 PM
25
nvd
nvd

CVE-2024-4325

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP....

8.6CVSS

0.0004EPSS

2024-06-06 06:15 PM
cve
cve

CVE-2024-4325

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP....

8.6CVSS

8.2AI Score

0.0004EPSS

2024-06-06 06:15 PM
23
osv
osv

CVE-2024-3152

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-06-06 06:15 PM
nvd
nvd

CVE-2024-3152

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...

8.8CVSS

0.0004EPSS

2024-06-06 06:15 PM
cve
cve

CVE-2024-3152

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...

8.8CVSS

9.2AI Score

0.0004EPSS

2024-06-06 06:15 PM
23
vulnrichment
vulnrichment

CVE-2024-5482 SSRF in add_webpage endpoint in parisneo/lollms-webui

A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary...

7.4CVSS

6.9AI Score

0.0004EPSS

2024-06-06 05:56 PM
cvelist
cvelist

CVE-2024-5482 SSRF in add_webpage endpoint in parisneo/lollms-webui

A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary...

7.4CVSS

0.0004EPSS

2024-06-06 05:56 PM
vulnrichment
vulnrichment

CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP....

8.6CVSS

6.7AI Score

0.0004EPSS

2024-06-06 05:55 PM
cvelist
cvelist

CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP....

8.6CVSS

0.0004EPSS

2024-06-06 05:55 PM
cvelist
cvelist

CVE-2024-3152 Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...

8.8CVSS

0.0004EPSS

2024-06-06 05:19 PM
vulnrichment
vulnrichment

CVE-2024-3152 Privilege Escalation and Local File Inclusion in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...

8.8CVSS

7.6AI Score

0.0004EPSS

2024-06-06 05:19 PM
metasploit
metasploit

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution

The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to...

8.2AI Score

2024-06-06 05:04 PM
19
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

10CVSS

9.6AI Score

EPSS

2024-06-06 03:09 PM
13
kitploit
kitploit

Thief Raccoon - Login Phishing Tool

Thief Raccoon is a tool designed for educational purposes to demonstrate how phishing attacks can be conducted on various operating systems. This tool is intended to raise awareness about cybersecurity threats and help users understand the importance of security measures like 2FA and password...

7.3AI Score

2024-06-06 12:30 PM
35
malwarebytes
malwarebytes

Husband stalked ex-wife with seven AirTags, indictment says

Following their divorce, a husband carried out a campaign of stalking and abuse against his ex-wife—referred to only as “S.K.”—by allegedly hiding seven separate Apple AirTags on or near her car, according to documents filed by US prosecutors for the Eastern District of Pennsylvania. The...

6.2AI Score

2024-06-06 12:20 PM
5
ics
ics

Emerson PACSystem and Fanuc

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.6 ATTENTION: Low attack complexity Vendor: Emerson Equipment: PACSystem, Fanuc Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity Insufficiently Protected Credentials, Download of Code Without...

8.4AI Score

EPSS

2024-06-06 12:00 PM
4
ics
ics

Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CC-Link IE TSN Industrial Managed Switch Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this...

6.5CVSS

7.4AI Score

0.001EPSS

2024-06-06 12:00 PM
3
nvd
nvd

CVE-2024-4177

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on...

9.8CVSS

7.9AI Score

0.001EPSS

2024-06-06 08:15 AM
1
cve
cve

CVE-2024-4177

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on...

9.8CVSS

7AI Score

0.001EPSS

2024-06-06 08:15 AM
30
cvelist
cvelist

CVE-2024-4177 Host whitelist parser issue in GravityZone Console On-Premise (VA-11554)

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on...

8.1CVSS

7.9AI Score

0.001EPSS

2024-06-06 07:59 AM
1
vulnrichment
vulnrichment

CVE-2024-4177 Host whitelist parser issue in GravityZone Console On-Premise (VA-11554)

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on...

8.1CVSS

6.8AI Score

0.001EPSS

2024-06-06 07:59 AM
4
cve
cve

CVE-2024-4212

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TF Group Image, TF Nav Menu, TF Posts, TF Woo Product Grid, TF Accordion, and TF Image Box widgets in all versions up to, and including, 2.1.1 due to insufficient input...

6.4CVSS

6AI Score

0.001EPSS

2024-06-06 04:15 AM
23
Total number of security vulnerabilities58398