Lucene search
+L

136 matches found

OSV
OSV
added 2025/03/20 10:9 a.m.5 views

CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

8.1CVSS7.2AI score0.00641EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.6 views

RAGFlow 安全漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow version 0.12.0, which stems from unvalidated PDF file content and could lead to a cross-site scripting attack...

5.4CVSS5.2AI score0.00359EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.8 views

PT-2025-12136 · Unknown +1 · Infiniflow/Ragflow +1

Name of the Vulnerable Software and Affected Versions: infiniflow/ragflow version 0.12.0 Description: The web crawl function in document app.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal networ...

9.8CVSS6.8AI score0.01211EPSS
Exploits1References8
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

RAGFlow 跨站脚本漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A cross-site scripting vulnerability exists in RAGFlow cec2080 version, which stems from unvalidated file content and could lead to a stored cross-site scripting attack...

5.4CVSS5.2AI score0.00454EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.7 views

RAGFlow 授权问题漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. An authorization issue vulnerability exists in RAGFlow version 0.13.0, which stems from not handling tenant IDs correctly and could lead to partial account takeover...

8.1CVSS7.8AI score0.00641EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.7 views

RAGFlow 安全漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow version v0.12.0 that stems from not properly validating authentication, which could lead to a privacy breach...

4.3CVSS4.8AI score0.00508EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.6 views

RAGFlow 安全漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow version 0.12.0 that originates from an unvalidated URL and could lead to a server-side request forgery attack...

7.5CVSS6.5AI score0.0061EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

RAGFlow 代码问题漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A code issue vulnerability exists in RAGFlow version v0.12.0, which stems from hard-coded AuthKey and pickle deserialization and could lead to remote code execution...

9.8CVSS9.7AI score0.01549EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.6 views

RAGFlow 安全漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow version 0.12.0 that stems from unfiltered URL parameters and the use of an outdated version of Chromium, which could lead to full-read SSRF and remote...

9.8CVSS7AI score0.01211EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/27 6:21 p.m.14 views

CVE-2025-27135

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available...

9.8CVSS7.8AI score0.00574EPSS
Exploits1References1
NVD
NVD
added 2025/02/25 7:15 p.m.43 views

CVE-2025-27135

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available...

9.8CVSS0.00574EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/02/25 6:16 p.m.16 views

CVE-2025-27135 RAGFlow SQL Injection vulnerability

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available...

9.3CVSS7.4AI score0.00574EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/02/25 6:16 p.m.44 views

CVE-2025-27135 RAGFlow SQL Injection vulnerability

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available...

9.3CVSS0.00574EPSS
Exploits1References3
OSV
OSV
added 2025/02/25 6:16 p.m.28 views

CVE-2025-27135 RAGFlow SQL Injection vulnerability

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available...

9.3CVSS7.6AI score0.00574EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/02/25 12:0 a.m.7 views

PT-2025-7904 · Ragflow · Ragflow

Name of the Vulnerable Software and Affected Versions: RAGFlow versions 0.15.1 and prior Description: RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query, making it vulnerab...

9.8CVSS7.9AI score0.00574EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/02/25 12:0 a.m.6 views

RAGFlow SQL注入漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A SQL injection vulnerability exists in RAGFlow version 0.15.1 and prior versions, which stems from the ExeSQL component extracting SQL statements from input and sending them directly to a...

9.8CVSS7.8AI score0.00574EPSS
Exploits1References2
NVD
NVD
added 2025/02/21 9:15 p.m.21 views

CVE-2025-25282

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability that may lead to unauthorized cross-tenant access list tenant user accounts, add user account into...

8.1CVSS0.00449EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/02/21 9:4 p.m.32 views

CVE-2025-25282 Potential Insecure Direct Object Reference (IDOR) vulnerability in ragflow

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability that may lead to unauthorized cross-tenant access list tenant user accounts, add user account into...

8.1CVSS0.00449EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/21 9:4 p.m.17 views

CVE-2025-25282 Potential Insecure Direct Object Reference (IDOR) vulnerability in ragflow

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability that may lead to unauthorized cross-tenant access list tenant user accounts, add user account into...

8.1CVSS8AI score0.00449EPSS
Exploits1References1
OSV
OSV
added 2025/02/21 9:4 p.m.5 views

CVE-2025-25282 Potential Insecure Direct Object Reference (IDOR) vulnerability in ragflow

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability that may lead to unauthorized cross-tenant access list tenant user accounts, add user account into...

8.1CVSS7.8AI score0.00449EPSS
Exploits1References3
Rows per page
Query Builder