800 matches found
PT-2025-17614 · Unknown · Meon Kyc Solutions
Name of the Vulnerable Software and Affected Versions: Meon KYC solutions affected versions not specified Description: This issue exists due to the transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit th...
PT-2025-17612 · Unknown · Meon Kyc Solutions
Name of the Vulnerable Software and Affected Versions: Meon KYC solutions affected versions not specified Description: The issue is caused by insufficient server-side validation of the Captcha in certain API endpoints, allowing a remote attacker to bypass the Captcha verification mechanism by...
CVE-2024-54092
A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 All versions, Industrial Edge Device Kit - arm64 V1.18 All versions, Industrial Edge Device Kit - arm64 V1.19 All versions, Industrial Edge Device Kit - arm64 V1.20 All versions V1.20.2-1, Industrial Edge Device Kit -...
CVE-2024-54092
A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 All versions, Industrial Edge Device Kit - arm64 V1.18 All versions, Industrial Edge Device Kit - arm64 V1.19 All versions, Industrial Edge Device Kit - arm64 V1.20 All versions V1.20.2-1, Industrial Edge Device Kit -...
CVE-2024-54092
CVE-2024-54092 affects Siemens Industrial Edge Devices (multiple ARM64/x86-64 SKUs, IEOD, IEVD, SCALANCE LPE9413, SIMATIC IPC devices). The root issue is improper enforcement of user authentication on specific API endpoints when identity federation is used, allowing an unauthenticated remote atta...
AWS VDP: Non-Production API Endpoints for the Neptune Graph Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
The non-production API endpoints for the Neptune Graph Service were found to fail logging to CloudTrail, resulting in silent permission enumeration. Specifically, seven non-production endpoints were identified that could be used with standard IAM credentials without generating CloudTrail logs. Th...
CVE-2024-12779
A Server-Side Request Forgery SSRF vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the POST /v1/llm/addllm and POST /v1/conversation/tts endpoints. Attackers can specify an arbitrary URL as the apibase when adding an OPENAITTS model, and subsequently...
CVE-2024-8898
A path traversal vulnerability exists in the install and uninstall API endpoints of parisneo/lollms-webui version V12 Strawberry. This vulnerability allows attackers to create or delete directories with arbitrary paths on the system. The issue arises due to insufficient sanitization of...
CVE-2024-12048
An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...
Incorrect Synchronization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Incorrect Synchronization due to improper access control mechanisms. An attacker can view and delete any files by directly calling specific API endpoints without needing administrative privileges. This is onl...
CVE-2024-12048
An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...
CVE-2024-12048
An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...
CVE-2024-11173
An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, leading to a full denial of service. This issue occurs when certain API endpoints receive malformed input, resulting in an uncaught exception. Although a valid JWT is required to...
CVE-2024-11173
An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, leading to a full denial of service. This issue occurs when certain API endpoints receive malformed input, resulting in an uncaught exception. Although a valid JWT is required to...
CVE-2024-12779
A Server-Side Request Forgery (SSRF) vulnerability affects infiniflow/ragflow version 0.12.0, in POST /v1/llm/add_llm and POST /v1/conversation/tts. An attacker can supply an arbitrary URL as api_base when adding an OPENAITTS model, then access the tts endpoint to read contents from that URL, pot...
CVE-2024-12779 SSRF in infiniflow/ragflow
A Server-Side Request Forgery SSRF vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the POST /v1/llm/addllm and POST /v1/conversation/tts endpoints. Attackers can specify an arbitrary URL as the apibase when adding an OPENAITTS model, and subsequently...
CVE-2024-12048 IDOR Vulnerability in transformeroptimus/superagi
An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...
CVE-2024-12048
CVE-2024-12048 describes an IDOR (Insecure Direct Object Reference) in transformeroptimus/superagi v0.0.14. The vulnerability arises from improper authorization checks across multiple API endpoints, allowing an attacker to view, edit, and delete other users’ information without proper authorizati...
CVE-2024-12048 IDOR Vulnerability in transformeroptimus/superagi
An IDOR Insecure Direct Object Reference vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...
CVE-2024-8898 Path Traversal in parisneo/lollms-webui
A path traversal vulnerability exists in the install and uninstall API endpoints of parisneo/lollms-webui version V12 Strawberry. This vulnerability allows attackers to create or delete directories with arbitrary paths on the system. The issue arises due to insufficient sanitization of...