Lista CVE - 2025 / Marzo
Visualizzazione 2301 - 2400 di 4018 CVE per Marzo 2025 (Pagina 24 di 41)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-6863 | 2025-03-20 | Encryption of Arbitrary Files with Attacker-Controlled Key in h2oai/h2o-3 |
| CVE-2024-8027 | 2025-03-20 | Stored Cross-Site Scripting (XSS) in netease-youdao/QAnything |
| CVE-2024-11033 | 2025-03-20 | Denial of Service (DoS) in binary-husky/gpt_academic |
| CVE-2024-12882 | 2025-03-20 | SSRF in comfyanonymous/comfyui |
| CVE-2024-8018 | 2025-03-20 | Denial of Service (DOS) in imartinez/privategpt |
| CVE-2024-6982 | 2025-03-20 | Remote Code Execution in Calculate Function in parisneo/lollms |
| CVE-2024-10720 | 2025-03-20 | Stored Cross-site Scripting (XSS) in phpipam/phpipam |
| CVE-2024-12391 | 2025-03-20 | Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic |
| CVE-2024-11173 | 2025-03-20 | Unhandled Exception in danny-avila/librechat |
| CVE-2024-9439 | 2025-03-20 | Remote Code Execution in transformeroptimus/superagi |
| CVE-2024-10714 | 2025-03-20 | Denial of Service in binary-husky/gpt_academic |
| CVE-2024-7983 | 2025-03-20 | Denial of Service in open-webui/open-webui |
| CVE-2024-12390 | 2025-03-20 | Remote Code Execution in binary-husky/gpt_academic |
| CVE-2024-9308 | 2025-03-20 | Open Redirect in haotian-liu/llava |
| CVE-2024-10950 | 2025-03-20 | Code Injection in binary-husky/gpt_academic |
| CVE-2024-6577 | 2025-03-20 | Unclaimed S3 Bucket Usage in pytorch/serve |
| CVE-2024-8765 | 2025-03-20 | Improper Path Equivalence Resolution in lunary-ai/lunary |
| CVE-2024-9099 | 2025-03-20 | Exposure of Private API Keys in lunary-ai/lunary |
| CVE-2024-11041 | 2025-03-20 | Remote Code Execution in vllm-project/vllm |
| CVE-2024-7043 | 2025-03-20 | Improper Access Control in open-webui/open-webui |
| CVE-2024-9437 | 2025-03-20 | Unauthenticated Denial of Service in transformeroptimus/superagi |
| CVE-2024-6986 | 2025-03-20 | Cross-site Scripting (XSS) in parisneo/lollms-webui |
| CVE-2024-10252 | 2025-03-20 | Code Injection in langgenius/dify |
| CVE-2024-9229 | 2025-03-20 | Denial of Service (DoS) via Multipart Boundary in stangirard/quivr |
| CVE-2024-12776 | 2025-03-20 | Authentication Bypass in langgenius/dify |
| CVE-2025-0187 | 2025-03-20 | Denial of Service (DoS) by Sending Large Filename at File Upload Endpoint in gradio-app/gradio |
| CVE-2024-10624 | 2025-03-20 | Regular Expression Denial of Service (ReDoS) in gradio-app/gradio |
| CVE-2024-12389 | 2025-03-20 | Path Traversal in binary-husky/gpt_academic |
| CVE-2024-9365 | 2025-03-20 | Cross-Site Request Forgery (CSRF) in polyaxon/polyaxon |
| CVE-2024-10359 | 2025-03-20 | Mass Assignment in Preset Creation Allows User ID Manipulation in danny-avila/librechat |
| CVE-2025-0281 | 2025-03-20 | Stored Cross-Site Scripting (XSS) in lunary-ai/lunary |
| CVE-2024-12870 | 2025-03-20 | Stored Cross-site Scripting (XSS) in infiniflow/ragflow |
| CVE-2025-0628 | 2025-03-20 | Improper Authorization in BerriAI/litellm |
| CVE-2025-0191 | 2025-03-20 | Denial of Service in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-11958 | 2025-03-20 | SQL Injection in run-llama/llama_index |
| CVE-2024-10954 | 2025-03-20 | Prompt Injection Leading to RCE in binary-husky/gpt_academic Plugin `manim` |
| CVE-2024-8057 | 2025-03-20 | Improper Access Control in danswer-ai/danswer |
| CVE-2024-12864 | 2025-03-20 | Unauthenticated DoS by Sending Large Filename at File Upload Endpoint in netease-youdao/qanything |
| CVE-2024-10188 | 2025-03-20 | Denial of Service in BerriAI/litellm |
| CVE-2024-7768 | 2025-03-20 | Denial of Service in h2oai/h2o-3 |
| CVE-2024-7034 | 2025-03-20 | Remote Code Execution due to Arbitrary File Write in open-webui/open-webui |
| CVE-2025-1451 | 2025-03-20 | Insufficient Patch Leading to DoS in parisneo/lollms-webui |
| CVE-2024-6829 | 2025-03-20 | Arbitrary File Overwrite through tarfile-extraction in aimhubio/aim |
| CVE-2024-6844 | 2025-03-20 | Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors |
| CVE-2024-0640 | 2025-03-20 | Stored XSS in chatwoot/chatwoot |
| CVE-2024-12534 | 2025-03-20 | Denial of Service (DoS) in open-webui/open-webui |
| CVE-2024-10051 | 2025-03-20 | Unauthenticated Denial of Service in shaunwei/realchar |
| CVE-2025-0312 | 2025-03-20 | NULL Pointer Dereference in ollama/ollama |
| CVE-2024-11602 | 2025-03-20 | CORS Vulnerability in feast-dev/feast |
| CVE-2025-0189 | 2025-03-20 | Denial of Service in aimhubio/aim |
| CVE-2024-10986 | 2025-03-20 | Local File Read (LFI) by Tarslip Symlink via arxiv_download() API in binary-husky/gpt_academic |
| CVE-2024-11850 | 2025-03-20 | Stored XSS in langgenius/dify |
| CVE-2024-8063 | 2025-03-20 | Divide by Zero in ollama/ollama |
| CVE-2024-8953 | 2025-03-20 | Unsafe eval usage in composiohq/composio |
| CVE-2024-10569 | 2025-03-20 | Zip Bomb Vulnerability in gradio-app/gradio |
| CVE-2024-8898 | 2025-03-20 | Path Traversal in parisneo/lollms-webui |
| CVE-2024-10727 | 2025-03-20 | Cross-Site Scripting (XSS) in phpipam/phpipam |
| CVE-2024-7776 | 2025-03-20 | Arbitrary File Overwrite in onnx/onnx |
| CVE-2024-8952 | 2025-03-20 | SSRF in composiohq/composio |
| CVE-2024-6866 | 2025-03-20 | Case-Insensitive Path Matching in corydolphin/flask-cors |
| CVE-2024-10912 | 2025-03-20 | Denial of Service in lm-sys/fastchat |
| CVE-2024-8537 | 2025-03-20 | Path Traversal in modelscope/agentscope |
| CVE-2024-10955 | 2025-03-20 | ReDoS (Regular Expression Denial of Service) in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-10834 | 2025-03-20 | Arbitrary File Write in eosphoros-ai/db-gpt |
| CVE-2024-7039 | 2025-03-20 | Improper Privilege Management in open-webui/open-webui |
| CVE-2025-0453 | 2025-03-20 | Denial of Service through Batched Queries in GraphQL in mlflow/mlflow |
| CVE-2024-8966 | 2025-03-20 | Denial of Service in gradio-app/gradio |
| CVE-2024-8026 | 2025-03-20 | CSRF due to overly permissive CORS headers in netease-youdao/qanything |
| CVE-2024-8998 | 2025-03-20 | Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary |
| CVE-2024-8062 | 2025-03-20 | Denial of Service in h2oai/h2o-3 |
| CVE-2024-12450 | 2025-03-20 | RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow |
| CVE-2025-1040 | 2025-03-20 | Server-Side Template Injection (SSTI) in significant-gravitas/autogpt |
| CVE-2024-7806 | 2025-03-20 | Remote Code Execution by Non-Admin Users via CSRF in open-webui/open-webui |
| CVE-2024-10272 | 2025-03-20 | Broken Access Control in lunary-ai/lunary |
| CVE-2024-12871 | 2025-03-20 | Stored Cross-site Scripting (XSS) in infiniflow/ragflow |
| CVE-2024-10721 | 2025-03-20 | Store XSS in phpipam/phpipam |
| CVE-2024-9612 | 2025-03-20 | Unauthorized Access in danswer-ai/danswer |
| CVE-2024-10948 | 2025-03-20 | Arbitrary File Read via Upload Function in binary-husky/gpt_academic |
| CVE-2024-12217 | 2025-03-20 | Path Traversal in gradio-app/gradio |
| CVE-2024-8238 | 2025-03-20 | Unrestricted Code Execution in aimhubio/aim |
| CVE-2024-12074 | 2025-03-20 | Denial of Service in automatic1111/stable-diffusion-webui |
| CVE-2024-8183 | 2025-03-20 | CORS Misconfiguration in prefecthq/prefect |
| CVE-2024-10648 | 2025-03-20 | Path Traversal in gradio-app/gradio |
| CVE-2024-8400 | 2025-03-20 | Stored XSS in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-8021 | 2025-03-20 | Open Redirect in gradio-app/gradio |
| CVE-2024-8053 | 2025-03-20 | Improper Authentication in open-webui/open-webui |
| CVE-2024-11043 | 2025-03-20 | Denial of Service (DoS) via Large Payload in Board Name Field in invoke-ai/invokeai |
| CVE-2024-4990 | 2025-03-20 | Unsafe Reflection in base Component class in yiisoft/yii2 |
| CVE-2024-12777 | 2025-03-20 | Denial of Service in aimhubio/aim |
| CVE-2024-12720 | 2025-03-20 | Regular Expression Denial of Service (ReDoS) in huggingface/transformers |
| CVE-2024-11030 | 2025-03-20 | SSRF in binary-husky/gpt_academic |
| CVE-2024-7053 | 2025-03-20 | Session Fixation in open-webui/open-webui |
| CVE-2024-8958 | 2025-03-20 | Unrestricted File Write and Read in composiohq/composio |
| CVE-2024-12070 | 2025-03-20 | Denial of Service in haotian-liu/llava |
| CVE-2024-8736 | 2025-03-20 | Denial of Service (DoS) via Multipart Boundary in parisneo/lollms-webui |
| CVE-2024-5752 | 2025-03-20 | Path Traversal in stitionai/devika |
| CVE-2024-8524 | 2025-03-20 | Directory Traversal in modelscope/agentscope |
| CVE-2024-10830 | 2025-03-20 | Path Traversal in eosphoros-ai/db-gpt |
| CVE-2024-11300 | 2025-03-20 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-12869 | 2025-03-20 | Improper Authentication in infiniflow/ragflow |