Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2288
A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows malicious users to change a victim'...
NA
CVE-2024-2362
A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises f...
NA
CVE-2024-2928
A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as...
NA
CVE-2024-3110
A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest prior to 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied U...
NA
CVE-2024-2965
A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a...
NA
CVE-2024-32873
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue allows a clawback vesting account to anticipate the release of unvested tokens. This vulnerability is fixed in 18.0.0.
NA
CVE-2024-36730
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows malicious users to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter.
NA
CVE-2024-36732
An issue in OneFlow-Inc. Oneflow v0.9.1 allows malicious users to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot.
NA
CVE-2024-36734
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows malicious users to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter.
NA
CVE-2024-36740
An issue in OneFlow-Inc. Oneflow v0.9.1 allows malicious users to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »