Lucene search
K

21 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-47022

Malicious code in bioql PyPI...

8.6CVSS8.8AI score0.00554EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7033

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00646EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/03/22 12:52 p.m.16 views

CVE-2024-11822

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery SSRF vulnerability. The vulnerability exists due to improper handling of the apiendpoint parameter, allowing an attacker to make direct requests to internal network services. This can lead to unauthorized access to internal...

7.5CVSS6.9AI score0.0056EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.3 views

CVE-2024-11603

A Server-Side Request Forgery SSRF vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...

7.5CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-11822

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery SSRF vulnerability. The vulnerability exists due to improper handling of the apiendpoint parameter, allowing an attacker to make direct requests to internal network services. This can lead to unauthorized access to internal...

7.5CVSS0.0056EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.3 views

CVE-2024-11822

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery SSRF vulnerability. The vulnerability exists due to improper handling of the apiendpoint parameter, allowing an attacker to make direct requests to internal network services. This can lead to unauthorized access to internal...

7.5CVSS7AI score
Exploits0References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.16 views

CVE-2024-11822 Server-Side Request Forgery (SSRF) in langgenius/dify

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery SSRF vulnerability. The vulnerability exists due to improper handling of the apiendpoint parameter, allowing an attacker to make direct requests to internal network services. This can lead to unauthorized access to internal...

6.5CVSS0.0056EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:8 a.m.5 views

CVE-2024-11449 Server-Side Request Forgery in haotian-liu/llava

A vulnerability in haotian-liu/llava version 1.2.0 LLaVA-1.6 allows for Server-Side Request Forgery SSRF through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation o...

7.5CVSS7.6AI score0.00646EPSS
Exploits1References1
NVD
NVD
added 2024/06/27 7:15 p.m.32 views

CVE-2024-5885

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery SSRF vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain acces...

8.6CVSS0.00554EPSS
Exploits1References1
CVE
CVE
added 2024/06/27 6:45 p.m.51 views

CVE-2024-5885

CVE-2024-5885 concerns the Quivr project: stangirard/quivr v0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The issue arises from insufficient controls when the crawler accesses external websites, enabling an attacker to reach internal/local-network resources, including inter...

8.6CVSS8.6AI score0.00554EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/27 6:45 p.m.14 views

CVE-2024-5885 Server-Side Request Forgery (SSRF) in stangirard/quivr

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery SSRF vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain acces...

8.6CVSS7.2AI score0.00554EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/06/27 6:45 p.m.27 views

CVE-2024-5885 Server-Side Request Forgery (SSRF) in stangirard/quivr

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery SSRF vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain acces...

8.6CVSS0.00554EPSS
Exploits1References1
NVD
NVD
added 2024/06/06 7:16 p.m.22 views

CVE-2024-5186

A Server-Side Request Forgery SSRF vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information. Specifically,...

8.3CVSS0.00344EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2024/06/06 6:30 p.m.22 views

Server-Side Request Forgery in gradio

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is us...

8.6CVSS8.3AI score0.37366EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/06/06 6:30 p.m.18 views

GHSA-973G-55HP-3FRW Server-Side Request Forgery in gradio

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is us...

8.6CVSS8.3AI score0.37366EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/06/06 6:19 p.m.12 views

CVE-2024-5186 Server Side Request Forgery (SSRF) in imartinez/privategpt

A Server-Side Request Forgery SSRF vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information. Specifically,...

8.3CVSS6.7AI score0.00344EPSS
Exploits1References1
OSV
OSV
added 2024/06/06 6:15 p.m.10 views

CVE-2024-4325

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

8.6CVSS6.6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/06 5:55 p.m.22 views

CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

8.6CVSS6.7AI score0.37366EPSS
Exploits1References1
CVE
CVE
added 2024/06/06 5:55 p.m.88 views

CVE-2024-4325

Gradio SSRF (CVE-2024-4325) affects gradio-app/gradio v4.21.0, vulnerable at /queue/join and the save_url_to_cache path handling. User-supplied path is used to fetch URLs without adequate validation, enabling potential access to internal services and AWS metadata endpoints. Remediation: upgrade t...

8.6CVSS8.3AI score0.37366EPSS
In wildExploits1References1Affected Software1
Cvelist
Cvelist
added 2024/06/06 5:55 p.m.39 views

CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

8.6CVSS0.37366EPSS
Exploits1References1
Rows per page
Query Builder