Cinnamon kotaemon 0.11.0 ZIP Bomb
Cinnamon kotaemon version 0.11.0 zip bomb proof of concept denial of service exploit. ============================================================================================================================================= | Title : Cinnamon kotaemon v 0.11.0 ZIP Bomb Vulnerability in...
CVE-2025-63914
An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...
EUVD-2025-198989
An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...
CVE-2025-63914
Cinnamon kotaemon 0.11.0 is affected by CVE-2025-63914 due to the _may_extract_zip function in lib/ktem/ktem/index/file/ui.py not validating uploaded ZIP contents. This can allow a ZIP bomb to exhaust resources during decompression; even though files are extracted to a temporary folder cleared af...
Cinnamon kotaemon Security Vulnerability
Cinnamon kotaemon is a RAG-based open source tool from Cinnamon Open Source. A security vulnerability exists in Cinnamon kotaemon version 0.11.0, which stems from a failure of the mayextractzip function to check the contents of a ZIP file, which could lead to resource exhaustion...
CVE-2025-56527
Plaintext password storage in Kotaemon 0.11.0 in the client's localStorage...
CVE-2025-56526
Cross site scripting XSS vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF...
PT-2025-47336
Name of the Vulnerable Software and Affected Versions: Kotaemon version 0.11.0. Description: The software stores passwords in plaintext within the client's localStorage. This poses a significant risk as anyone with access to the client's storage can easily retrieve user credentials. Recommendations...
EUVD-2025-198039
Cross site scripting XSS vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF...
PT-2025-47335
Name of the Vulnerable Software and Affected Versions: Kotaemon version 0.11.0. Description: A cross-site scripting (XSS) issue exists in Kotaemon version 0.11.0. This allows attackers to execute arbitrary code through a specially crafted PDF file. The issue involves the potential for malicious code...