Lucene search
K

132 matches found

cve
cve
added 2025/12/31 9:17 p.m.20 views

CVE-2025-68700

RAGFlow (pre-0.23.0) is affected by a Remote Code Execution vulnerability. An authenticated, low-privilege user can cause arbitrary commands on the server host via the frontend Canvas CodeExec component because untrusted stdout is parsed with eval() without filtering or sandboxing. This design fl...

9.4CVSS7AI score0.00473EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2025/12/31 12:0 a.m.10 views

RAGFlow 安全漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow versions prior to 0.22.0 that stems from the use of insecure key generation algorithms during API key and beta token generation, which could lead to...

9.8CVSS5.8AI score0.00492EPSS
Exploits1References5
cnnvd
cnnvd
added 2025/12/31 12:0 a.m.4 views

RAGFlow 安全漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow open source. A security vulnerability exists in RAGFlow versions prior to 0.23.0, which stems from the front-end Canvas CodeExec component using eval to parse untrusted data without filtering or sandboxing,...

9.4CVSS5.9AI score0.00473EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2025/12/31 12:0 a.m.7 views

PT-2025-54459

Name of the Vulnerable Software and Affected Versions RAGFlow versions prior to 0.23.0 Description RAGFlow is a Retrieval-Augmented Generation engine susceptible to arbitrary system command execution. A low-privileged authenticated user can execute commands on the server host process through the...

9.4CVSS7.3AI score0.00473EPSS
Exploits1References8
ptsecurity
ptsecurity
added 2025/12/31 12:0 a.m.8 views

PT-2025-54469

Name of the Vulnerable Software and Affected Versions RAGFlow versions prior to 0.22.0 Description RAGFlow is a Retrieval-Augmented Generation engine. Versions prior to 0.22.0 utilize an insecure key generation algorithm when creating API keys and beta tokens assistant/agent share auth. This allo...

9.8CVSS6.6AI score0.00492EPSS
Exploits1References10
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7013

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.0061EPSS
Exploits1References2
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-22375

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00285EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6997

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.01549EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-15586

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00492EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6990

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.00641EPSS
Exploits1References2
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-51969

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.00531EPSS
Exploits1References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-5080

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.00449EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7015

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.01211EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-6989

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00359EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/07/24 12:23 a.m.6 views

CVE-2025-51462

Stored Cross-site Scripting XSS vulnerability in api.apps.dialogapp.setdialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised and rendered using a markdown component with rehype-raw...

6.1CVSS5.8AI score0.00285EPSS
Exploits1References1
nvd
nvd
added 2025/07/22 9:15 p.m.7 views

CVE-2025-51462

Stored Cross-site Scripting XSS vulnerability in api.apps.dialogapp.setdialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised and rendered using a markdown component with rehype-raw...

6.1CVSS0.00285EPSS
Exploits1References3
cnnvd
cnnvd
added 2025/07/22 12:0 a.m.4 views

RAGFlow 跨站脚本漏洞

RAGFlow is an open source RAG engine based on deep document understanding by InfiniFlow open source. A security vulnerability exists in RAGFlow version 0.17.2, which stems from a stored cross-site scripting vulnerability in api.apps.dialogapp.setdialog that could lead to the execution of arbitrar...

6.1CVSS6.1AI score0.00285EPSS
Exploits1References5
cvelist
cvelist
added 2025/07/22 12:0 a.m.10 views

CVE-2025-51462

Stored Cross-site Scripting XSS vulnerability in api.apps.dialogapp.setdialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised and rendered using a markdown component with rehype-raw...

0.00285EPSS
Exploits1References3
cve
cve
added 2025/07/22 12:0 a.m.24 views

CVE-2025-51462

CVE-2025-51462 describes a stored XSS in RAGFlow 0.17.2, via api.apps.dialog_app.set_dialog: crafted input to the assistant greeting field is stored unsanitised and rendered by a markdown component with rehype-raw, enabling execution of arbitrary JavaScript. The vulnerability affects RAGFlow 0.17...

6.1CVSS6.2AI score0.00285EPSS
Exploits1References3Affected Software1
vulnrichment
vulnrichment
added 2025/07/22 12:0 a.m.5 views

CVE-2025-51462

Stored Cross-site Scripting XSS vulnerability in api.apps.dialogapp.setdialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised and rendered using a markdown component with rehype-raw...

6.2AI score0.00285EPSS
Exploits1References3
Rows per page
Query Builder