11235 matches found
CVE-2024-10834 Arbitrary File Write in eosphoros-ai/db-gpt
eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. Thi...
CVE-2024-8027 Stored Cross-Site Scripting (XSS) in netease-youdao/QAnything
A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user chats. This vulnerability affects all versions prior to the fix...
CVE-2024-8027
CVE-2024-8027 is a stored Cross-Site Scripting (XSS) vulnerability in netease-youdao/QAnything. According to Red Hat and NVD entries, attackers can upload a malicious knowledge file to the knowledge base, triggering XSS during user chats. Affected scope: all versions prior to the fix; explicit re...
CVE-2024-10833
CVE-2024-10833 affects eosphoros-ai/db-gpt v0.6.0. The vulnerability is an absolute path traversal in the knowledge API’s file upload endpoint (knowledge/{space_name}/document/upload), where the user-controllable parameter doc_file.filename enables arbitrary file writes to locations on the target...
CVE-2024-10833 Arbitrary File Write in eosphoros-ai/db-gpt
eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...
dify Code Issue Vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A code issue vulnerability exists in version 0.10.2 of dify: the Create Knowledge section is vulnerable to server-side request forgery attacks when uploading DOCX files...
NetEase QAnything Cross-Site Scripting Vulnerability
NetEase QAnything is a local knowledge base question and answer system from China's NetEase, Inc. that is designed to support files or databases in any format, and can be installed and used offline. A cross-site scripting vulnerability exists in NetEase QAnything. An attacker can exploit this...
DB-GPT Path Traversal Vulnerability
DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. A path traversal vulnerability exists in DB-GPT version 0.6.0, which stems from an arbitrary file write vulnerability in the knowledge API that allows an attacker to write a file to an...
PT-2025-11254
Name of the Vulnerable Software and Affected Versions: Civi - Job Board & Freelance Marketplace WordPress Theme plugin versions up to, and including, 2.1.4. Description: The issue is due to a lack of user validation before changing a password, making it possible for unauthenticated attackers to...
2025-03 Cumulative security Hotpatch for Azure Stack HCI, version 21H2 and Windows Server 2022 Datacenter: Azure Edition for x64-based Systems (KB5053638)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information...
2025-03 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5053606)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
2025-03 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5053606)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
2025-03 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5053606)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
2025-03 Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5053606)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
2025-03 Cumulative Update for Windows 10 Version 22H2 for ARM64-based Systems (KB5053606)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
2025-03 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5053603)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
2025-03 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5053594)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
2025-03 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5053594)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
Introducing new Slack AI App for Wiz and Bi-Directional Slack Integration
Wiz enhances Slack integration to streamline risk investigation and response and bring security knowledge directly to Slack...