3 matches found
EUVD-2025-7015
Malicious code in bioql PyPI...
CVE-2024-12450
In infiniflow/ragflow versions 0.12.0, the webcrawl function in documentapp.py contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF...
CVE-2024-12450
CVE-2024-12450 affects infiniflow/ragflow 0.12.0, where web_crawl in document_app.py does not filter URL parameters, enabling Full Read SSRF to access internal addresses via the generated PDFs, and allows Arbitrary File Read through the file:// protocol. The underlying Chromium headless is used w...