Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
InfiniflowRagflow

3 matches found

CVE
CVEadded 2025/02/21 9:15 p.m.68 views

CVE-2025-25282

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access (list tenant user accounts, add user account into...

8.1CVSS6.8AI score0.00045EPSS
CVE
CVEadded 2025/03/20 10:15 a.m.61 views

CVE-2024-12880

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and access...

8.1CVSS7.9AI score0.00049EPSS
CVE
CVEadded 2024/10/19 4:15 a.m.43 views

CVE-2024-10131

The add_llm function in llm_app.py in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input req['llm_factory'] and req['llm_name'] to dynamically instantiate classes from various model dictionaries. This approach allows an atta...

8.8CVSS9.1AI score0.00641EPSS