EUVD-2025-7015
Malicious code in bioql PyPI...
EUVD-2025-6990
Malicious code in bioql PyPI...
EUVD-2025-6997
Malicious code in bioql PyPI...
EUVD-2025-6989
Malicious code in bioql PyPI...
EUVD-2025-5080
Malicious code in bioql PyPI...
EUVD-2024-51969
Malicious code in bioql PyPI...
EUVD-2025-22375
Malicious code in bioql PyPI...
EUVD-2025-15586
Malicious code in bioql PyPI...
EUVD-2025-7013
Malicious code in bioql PyPI...
CVE-2025-51462
Stored Cross-site Scripting XSS vulnerability in api.apps.dialogapp.setdialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised and rendered using a markdown component with rehype-raw...
CVE-2025-51462
CVE-2025-51462 describes a stored XSS in RAGFlow 0.17.2, via api.apps.dialog_app.set_dialog: crafted input to the assistant greeting field is stored unsanitised and rendered by a markdown component with rehype-raw, enabling execution of arbitrary JavaScript. The vulnerability affects RAGFlow 0.17...
RAGFlow cross-site scripting vulnerability
RAGFlow is an open source RAG engine based on deep document understanding by InfiniFlow open source. A security vulnerability exists in RAGFlow version 0.17.2, which stems from a stored cross-site scripting vulnerability in api.apps.dialogapp.setdialog that could lead to the execution of arbitrar...
PT-2025-30456 · Ragflow · Ragflow
Name of the Vulnerable Software and Affected Versions: RAGFlow version 0.17.2 Description: A stored Cross-site Scripting XSS issue exists in the api.apps.dialog_app.set_dialog function. This allows remote attackers to execute arbitrary JavaScript code through crafted input to the assistant greeti...
CVE-2024-53450
RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents...
CVE-2025-48187
RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting...