NA - CVE-2024-10366 - An improper access control vulnerability (IDOR)...
An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided...
NA - CVE-2024-10457 - Multiple Server-Side Request Forgery (SSRF)...
Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. These...
NA - CVE-2024-10481 - A CSRF vulnerability exists in...
A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can...
NA - CVE-2024-10513 - A path traversal vulnerability exists in the...
A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users...
NA - CVE-2024-10549 - A vulnerability in the `/3/Parse` endpoint of...
A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression,...
NA - CVE-2024-10550 - A vulnerability in the `/3/ParseSetup` endpoint...
A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a...
NA - CVE-2024-10553 - A vulnerability in the h2oai/h2o-3 REST API...
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in...
NA - CVE-2024-10569 - A vulnerability in the dataframe component of...
A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses `pd.read_csv` to process input values, which can accept...
NA - CVE-2024-10572 - In h2oai/h2o-3 version 3.46.0.1, the `run_tool`...
In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. This includes the `XGBoostLibExtractTool` class, which can be...
NA - CVE-2024-10624 - A Regular Expression Denial of Service (ReDoS)...
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the `gr.Datetime` component. The affected version is git commit 98cbcae. The...