4 matches found

ATTACKERKB
added 2026/02/27 8:25 p.m., 4 views

CVE-2026-28288

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...

6.9 CVSS, 5.9 AI score, 0.00635 EPSS
Exploits: 1, References: 4, Affected Software: 1
RedhatCVE
added 2025/02/05 10:3 a.m., 17 views

CVE-2024-3829

qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the...

9.8 CVSS, 6.5 AI score, 0.00901 EPSS
Exploits: 1, References: 1
OSV
added 2025/01/02 2:26 p.m., 6 views

CVE-2024-56137 MaxKB RCE vulnerability in function library

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerabili...

6.8 CVSS, 7.5 AI score, 0.00772 EPSS
Exploits: 1, References: 3
OSV
added 2024/05/30 1:15 p.m., 21 views

CVE-2024-3584

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/name/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt...

7.5 CVSS, 6.8 AI score
Exploits: 0, References: 2