Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/12/04 12:11 a.m.13 views

CVE-2025-63914

An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...

6.5CVSS6.9AI score0.00312EPSS
Exploits2References2
EUVD
EUVD
added 2025/11/24 9:30 p.m.5 views

EUVD-2025-198989

An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...

6.5CVSS6.3AI score0.00312EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2025/11/24 12:0 a.m.3 views

CVE-2025-63914

An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...

6.5AI score0.00312EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/11/24 12:0 a.m.8 views

CVE-2025-63914

An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...

0.00312EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.6 views

Cinnamon kotaemon 安全漏洞

Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A security vulnerability exists in Cinnamon kotaemon version 0.11.0, which stems from a failure of the mayextractzip function to check the contents of a ZIP file, which could lead to resource exhaustion...

6.5CVSS6.6AI score0.00312EPSS
Exploits2References3
CVE
CVE
added 2025/11/24 12:0 a.m.11 views

CVE-2025-63914

Cinnamon kotaemon 0.11.0 is affected by CVE-2025-63914 due to the _may_extract_zip function in lib/ktem/ktem/index/file/ui.py not validating uploaded ZIP contents. This can allow a ZIP bomb to exhaust resources during decompression; even though files are extracted to a temporary folder cleared af...

6.5CVSS6.5AI score0.00312EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2025/11/24 12:0 a.m.5 views

CVE-2025-63914

An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...

6.5CVSS6.8AI score0.00312EPSS
Exploits2References4
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.4 views

Cinnamon kotaemon 安全漏洞

Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A security vulnerability exists in Cinnamon kotaemon version 0.11.0, which originates from cross-site scripting and could lead to the execution of arbitrary code...

6.1CVSS6.1AI score0.0036EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.5 views

Cinnamon kotaemon 安全漏洞

Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A security vulnerability exists in Cinnamon kotaemon version 0.11.0, which originates from storing plaintext passwords in client-side localStorage...

7.5CVSS6.5AI score0.00381EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/07/02 12:0 a.m.4 views

Cinnamon kotaemon 路径遍历漏洞

Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A path traversal vulnerability exists in Cinnamon kotaemon version 0.10.6 and earlier, which stems from unvalidated URLs and local file paths, and could lead to directory traversal and data disclosure...

6.5CVSS6.3AI score0.0038EPSS
Exploits0References3
Rows per page
Query Builder