Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
InfiniflowRagflow

2 matches found

CVE
CVEadded 2025/02/25 7:15 p.m.69 views

CVE-2025-27135

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available.

9.8CVSS7.4AI score0.00048EPSS
CVE
CVEadded 2025/02/21 9:15 p.m.68 views

CVE-2025-25282

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access (list tenant user accounts, add user account into...

8.1CVSS6.8AI score0.00045EPSS