10 matches found
CVE-2025-63914
An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...
EUVD-2025-198989
An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...
CVE-2025-63914
An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...
CVE-2025-63914
An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...
Cinnamon kotaemon 安全漏洞
Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A security vulnerability exists in Cinnamon kotaemon version 0.11.0, which stems from a failure of the mayextractzip function to check the contents of a ZIP file, which could lead to resource exhaustion...
CVE-2025-63914
Cinnamon kotaemon 0.11.0 is affected by CVE-2025-63914 due to the _may_extract_zip function in lib/ktem/ktem/index/file/ui.py not validating uploaded ZIP contents. This can allow a ZIP bomb to exhaust resources during decompression; even though files are extracted to a temporary folder cleared af...
CVE-2025-63914
An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...
Cinnamon kotaemon 安全漏洞
Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A security vulnerability exists in Cinnamon kotaemon version 0.11.0, which originates from cross-site scripting and could lead to the execution of arbitrary code...
Cinnamon kotaemon 安全漏洞
Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A security vulnerability exists in Cinnamon kotaemon version 0.11.0, which originates from storing plaintext passwords in client-side localStorage...
Cinnamon kotaemon 路径遍历漏洞
Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A path traversal vulnerability exists in Cinnamon kotaemon version 0.10.6 and earlier, which stems from unvalidated URLs and local file paths, and could lead to directory traversal and data disclosure...