CVE List - 2025 / March
Showing 2201 - 2300 of 4018 CVEs for March 2025 (Page 23 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-10047 | 2025-03-20 | Directory Listing Vulnerability in parisneo/lollms-webui |
| CVE-2024-6483 | 2025-03-20 | Arbitrary File/Directory Deletion in aimhubio/aim |
| CVE-2024-8764 | 2025-03-20 | Improper Authorization in lunary-ai/lunary |
| CVE-2024-10366 | 2025-03-20 | IDOR in delete attachments in danny-avila/librechat |
| CVE-2024-12880 | 2025-03-20 | Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow |
| CVE-2024-7046 | 2025-03-20 | Improper Access Control in open-webui/open-webui |
| CVE-2024-8502 | 2025-03-20 | Remote Code Execution via Deserialization in modelscope/agentscope |
| CVE-2024-9098 | 2025-03-20 | Privilege Escalation in lunary-ai/lunary |
| CVE-2024-10901 | 2025-03-20 | Arbitrary File Write via DuckDB SQL Injection in eosphoros-ai/db-gpt |
| CVE-2024-8249 | 2025-03-20 | Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm |
| CVE-2024-9096 | 2025-03-20 | Improper Authorization in lunary-ai/lunary |
| CVE-2024-6839 | 2025-03-20 | Improper Regex Path Matching in corydolphin/flask-cors |
| CVE-2024-9309 | 2025-03-20 | SSRF in POST /worker_generate_stream API endpoint in haotian-liu/llava |
| CVE-2024-10267 | 2025-03-20 | Information Disclosure in transformeroptimus/superagi |
| CVE-2024-12911 | 2025-03-20 | SQL Injection in run-llama/llama_index |
| CVE-2024-7040 | 2025-03-20 | Improper Access Control in open-webui/open-webui |
| CVE-2024-7058 | 2025-03-20 | Relative Path Traversal in parisneo/lollms-webui |
| CVE-2024-9431 | 2025-03-20 | Improper Privilege Management in transformeroptimus/superagi |
| CVE-2024-9699 | 2025-03-20 | Cross-Site Scripting (XSS) in flatpressblog/flatpress |
| CVE-2024-8099 | 2025-03-20 | Server-Side Request Forgery (SSRF) in vanna-ai/vanna |
| CVE-2024-9362 | 2025-03-20 | Directory Traversal in polyaxon/polyaxon |
| CVE-2025-0315 | 2025-03-20 | Allocation of Resources Without Limits or Throttling in ollama/ollama |
| CVE-2024-8060 | 2025-03-20 | Remote Code Execution in OpenWebUI via Arbitrary File Upload |
| CVE-2024-11167 | 2025-03-20 | Improper Access Control in danny-avila/librechat |
| CVE-2024-12065 | 2025-03-20 | Local File Inclusion in haotian-liu/llava |
| CVE-2024-8438 | 2025-03-20 | Path Traversal in modelscope/agentscope |
| CVE-2024-10829 | 2025-03-20 | Denial of Service (DoS) via Multipart Boundary in eosphoros-ai/db-gpt |
| CVE-2024-10513 | 2025-03-20 | Path Traversal in mintplex-labs/anything-llm |
| CVE-2024-10935 | 2025-03-20 | Unauthenticated DoS via Multipart Boundary in automatic1111/stable-diffusion-webui |
| CVE-2024-8028 | 2025-03-20 | Denial of Service in danswer-ai/danswer |
| CVE-2024-10190 | 2025-03-20 | Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod |
| CVE-2024-8859 | 2025-03-20 | Path Traversal in mlflow/mlflow |
| CVE-2024-7033 | 2025-03-20 | Arbitrary File Write in open-webui/open-webui |
| CVE-2024-4023 | 2025-03-20 | Stored XSS in flatpressblog/flatpress |
| CVE-2024-6851 | 2025-03-20 | Arbitrary File Deletion in aimhubio/aim |
| CVE-2024-6827 | 2025-03-20 | HTTP Request Smuggling in benoitc/gunicorn |
| CVE-2024-9919 | 2025-03-20 | Missing Authentication Check in parisneo/lollms-webui |
| CVE-2024-10707 | 2025-03-20 | Local File Inclusion in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-6854 | 2025-03-20 | Arbitrary File Overwrite in h2oai/h2o-3 |
| CVE-2024-7036 | 2025-03-20 | Denial of Service in open-webui/open-webui |
| CVE-2024-10908 | 2025-03-20 | Open Redirect in lm-sys/fastchat |
| CVE-2024-11039 | 2025-03-20 | Deserialization of Untrusted Data in binary-husky/gpt_academic |
| CVE-2024-11169 | 2025-03-20 | Unhandled Exception Leading to Server Crash in danny-avila/librechat |
| CVE-2024-7476 | 2025-03-20 | Broken Access Control in lunary-ai/lunary |
| CVE-2024-11301 | 2025-03-20 | Improper Enforcement of Unique Constraint in lunary-ai/lunary |
| CVE-2025-0182 | 2025-03-20 | Denial of Service in danswer-ai/danswer |
| CVE-2024-11603 | 2025-03-20 | Server-Side Request Forgery in lm-sys/fastchat |
| CVE-2025-0317 | 2025-03-20 | Divide By Zero in ollama/ollama |
| CVE-2024-12375 | 2025-03-20 | Local File Inclusion in automatic1111/stable-diffusion-webui |
| CVE-2024-12044 | 2025-03-20 | Remote Code Execution by Pickle Deserialization in open-mmlab/mmdetection |
| CVE-2024-7035 | 2025-03-20 | Cross-Site Request Forgery (CSRF) in open-webui/open-webui |
| CVE-2024-10264 | 2025-03-20 | HTTP Request Smuggling in netease-youdao/qanything |
| CVE-2024-8065 | 2025-03-20 | CSRF in danswer-ai/danswer |
| CVE-2024-10906 | 2025-03-20 | Cross-Site Request Forgery (CSRF) in eosphoros-ai/db-gpt |
| CVE-2024-9701 | 2025-03-20 | Remote Code Execution in kedro-org/kedro |
| CVE-2024-12388 | 2025-03-20 | Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic |
| CVE-2024-11172 | 2025-03-20 | Denial of Service in danny-avila/librechat |
| CVE-2024-10718 | 2025-03-20 | Cookie without Secure attribute in phpipam/phpipam |
| CVE-2024-10719 | 2025-03-20 | Stored Cross-site Scripting (XSS) in phpipam/phpipam |
| CVE-2024-9920 | 2025-03-20 | Unrestricted File Upload and Execution in parisneo/lollms-webui |
| CVE-2024-12433 | 2025-03-20 | Remote Code Execution in infiniflow/ragflow |
| CVE-2024-8024 | 2025-03-20 | CORS Misconfiguration in netease-youdao/qanything |
| CVE-2024-8061 | 2025-03-20 | Denial of Service in aimhubio/aim |
| CVE-2024-12778 | 2025-03-20 | Denial of Service in aimhubio/aim |
| CVE-2024-9447 | 2025-03-20 | Exposure of Sensitive Information in transformeroptimus/superagi |
| CVE-2024-10550 | 2025-03-20 | Denial of Service by ReDOS in h2oai/h2o-3 |
| CVE-2024-9056 | 2025-03-20 | Denial of Service in bentoml/bentoml |
| CVE-2024-11045 | 2025-03-20 | Cross-Site WebSocket Hijacking (CSWSH) in automatic1111/stable-diffusion-webui |
| CVE-2024-9107 | 2025-03-20 | Stored XSS in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-9159 | 2025-03-20 | Incorrect Authorization in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-10907 | 2025-03-20 | Denial of Service (DoS) via Multipart Boundary in lm-sys/fastchat |
| CVE-2024-6841 | 2025-03-20 | CSRF in vanna-ai/vanna |
| CVE-2024-9070 | 2025-03-20 | Deserialization Vulnerability in BentoML's Runner Server in bentoml/bentoml |
| CVE-2024-10019 | 2025-03-20 | Path Traversal and OS Command Injection in parisneo/lollms-webui |
| CVE-2024-8954 | 2025-03-20 | Authentication Bypass in composiohq/composio |
| CVE-2024-10833 | 2025-03-20 | Arbitrary File Write in eosphoros-ai/db-gpt |
| CVE-2024-0245 | 2025-03-20 | Task Hijacking in hamza417/inure |
| CVE-2024-7045 | 2025-03-20 | Improper Access Control in open-webui/open-webui |
| CVE-2024-11171 | 2025-03-20 | Improper Input Validation in danny-avila/librechat |
| CVE-2024-10363 | 2025-03-20 | Improper Access Control in danny-avila/LibreChat |
| CVE-2024-8055 | 2025-03-20 | Local File Read (LFI) by Prompt Injection via SnowFlake SQL in vanna-ai/vanna |
| CVE-2024-8616 | 2025-03-20 | Arbitrary File Overwrite in h2oai/h2o-3 |
| CVE-2025-1473 | 2025-03-20 | CSRF in mlflow/mlflow |
| CVE-2025-1474 | 2025-03-20 | Weak Password Requirements in mlflow/mlflow |
| CVE-2024-8551 | 2025-03-20 | Path Traversal in modelscope/agentscope |
| CVE-2024-7957 | 2025-03-20 | Arbitrary File Overwrite in danswer-ai/danswer |
| CVE-2025-0192 | 2025-03-20 | Stored Cross-site Scripting (XSS) in wandb/openui |
| CVE-2024-6583 | 2025-03-20 | Path Traversal in stangirard/quivr |
| CVE-2024-7044 | 2025-03-20 | Stored XSS in open-webui/open-webui |
| CVE-2024-9311 | 2025-03-20 | Cross-Site Request Forgery to XSS in haotian-liu/llava |
| CVE-2025-0183 | 2025-03-20 | Stored XSS in binary-husky/gpt_academic |
| CVE-2024-8982 | 2025-03-20 | Local File Inclusion in bentoml/openllm |
| CVE-2024-9617 | 2025-03-20 | IDOR in danswer-ai/danswer |
| CVE-2024-10819 | 2025-03-20 | CSRF to XSS in binary-husky/gpt_academic |
| CVE-2024-6842 | 2025-03-20 | Exposure of Sensitive Information in mintplex-labs/anything-llm |
| CVE-2024-12886 | 2025-03-20 | Out-Of-Memory (OOM) Vulnerability in ollama/ollama |
| CVE-2024-8789 | 2025-03-20 | Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary |
| CVE-2024-10330 | 2025-03-20 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-12376 | 2025-03-20 | Server Side Request Forgery in lm-sys/fastchat |
| CVE-2024-10722 | 2025-03-20 | Stored Cross-site Scripting (XSS) in phpipam/phpipam |