Total: 31934 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2024-8984 | 1 Litellm | 1 Litellm | 2025-07-15 | N/A | N/A | A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service. |
CVE-2025-21005 | 1 Samsung | 1 Android | 2025-07-15 | N/A | N/A | Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information. |
CVE-2024-6090 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-15 | N/A | N/A | A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in `.json` on the target system, leading to a denial of service as users are unable to authenticate. |
CVE-2024-6036 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-15 | N/A | 9.1 CRITICAL | A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity. |
CVE-2024-6037 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-15 | N/A | 9.1 CRITICAL | A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption. |
CVE-2024-48828 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | N/A | N/A | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. |
CVE-2025-21000 | 1 Samsung | 1 Android | 2025-07-14 | N/A | 3.3 LOW | Improper privilege management in Bluetooth prior to SMR Jul-2025 Release 1 allows local attackers to enable Bluetooth. |
CVE-2025-21001 | 1 Samsung | 1 Android | 2025-07-14 | N/A | 5.5 MEDIUM | Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to stop broadcasting Auracast. |
CVE-2024-34043 | 1 Linuxfoundation | 1 Ric-app-kpimon-go | 2025-07-14 | N/A | N/A | O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message. |
CVE-2024-10650 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-14 | N/A | N/A | An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups of 10 characters per line, across multiple lines. This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. The exploitation now requires low privilege if authentication is enabled due to a version upgrade in Gradio. |
CVE-2024-5208 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-12 | N/A | N/A | An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DoS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to shut down by sending an empty body with a 'Content-Length: 0' header or by sending a body with arbitrary content, such as 'asdasdasd', with a 'Content-Length: 9' header. The vulnerability is reproducible by users with at least a 'Manager' role, sending a crafted request to any workspace. This issue indicates that a previous fix was not effective in mitigating the vulnerability. |
CVE-2024-10363 | 1 Librechat | 1 Librechat | 2025-07-11 | N/A | N/A | In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the admin. This can break application logic and permissions, allowing unauthorized actions. |
CVE-2024-27613 | 1 Numbas | 1 Editor | 2025-07-11 | N/A | 7.3 HIGH | Numbas editor before 7.3 mishandles reading of themes and extensions. |
CVE-2025-49136 | 1 Nadh | 1 Listmonk | 2025-07-11 | N/A | 6.5 MEDIUM | listmonk is a standalone, self-hosted newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions, which are enabled by default in Sprig, allow capturing environment variables on the host. While this may not be a problem on single-user (super admin) installations, on multi-user installations this allows non-super-admin users with campaign or template permissions to use the `{{ env }}` template expression to capture sensitive environment variables. Users should upgrade to v5.0.2 to mitigate the issue. |
CVE-2025-47775 | 1 Bullfrogsec | 1 Bullfrog | 2025-07-11 | N/A | 8.6 HIGH | Bullfrog is a GitHub Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using TCP breaks blocking and allows DNS exfiltration. This can result in sandbox bypass. Version 0.8.4 fixes the issue. |
CVE-2025-26481 | 1 Dell | 1 Powerscale Onefs | 2025-07-11 | N/A | N/A | Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to denial of service. |
CVE-2024-1286 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-07-10 | N/A | N/A | The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site. |
CVE-2024-3584 | 1 Qdrant | 1 Qdrant | 2025-07-10 | N/A | 7.5 HIGH | qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0. |
CVE-2024-3829 | 1 Qdrant | 1 Qdrant | 2025-07-10 | N/A | 9.1 CRITICAL | qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot's directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0. |
CVE-2024-4287 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-10 | N/A | 7.2 HIGH | In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts. |