Total
32012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1968 | 1 Scrapy | 1 Scrapy | 2025-07-15 | N/A | 7.5 HIGH |
| In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in cross-origin requests when the scheme, host, or port changes. Consequently, when a redirect downgrades from HTTPS to HTTP, the Authorization header may be inadvertently exposed in plaintext, leading to potential sensitive information disclosure to unauthorized actors. The flaw is located in the _build_redirect_request function of the redirect middleware. | |||||
| CVE-2024-8613 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-15 | N/A | 8.8 HIGH |
| A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of other users. | |||||
| CVE-2024-5216 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-15 | N/A | 7.5 HIGH |
| A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in the username field. This exploit results in the user management panel becoming unresponsive, preventing administrators from performing critical user management actions such as editing, suspending, or deleting users. The impact of this vulnerability includes administrative paralysis, compromised security, and operational disruption, as it allows malicious users to perpetuate their presence within the system indefinitely, undermines the system's security posture, and degrades overall system performance. | |||||
| CVE-2024-8984 | 1 Litellm | 1 Litellm | 2025-07-15 | N/A | 7.5 HIGH |
| A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service. | |||||
| CVE-2025-21005 | 1 Samsung | 1 Android | 2025-07-15 | N/A | 5.5 MEDIUM |
| Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information. | |||||
| CVE-2024-6090 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-15 | N/A | 7.5 HIGH |
| A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in `.json` on the target system, leading to a denial of service as users are unable to authenticate. | |||||
| CVE-2024-6036 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-15 | N/A | 9.1 CRITICAL |
| A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity. | |||||
| CVE-2024-6037 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-15 | N/A | 9.1 CRITICAL |
| A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption. | |||||
| CVE-2024-48828 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | N/A | 5.5 MEDIUM |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | |||||
| CVE-2025-21000 | 1 Samsung | 1 Android | 2025-07-14 | N/A | 6.2 MEDIUM |
| Improper privilege management in Bluetooth prior to SMR Jul-2025 Release 1 allows local attackers to enable Bluetooth. | |||||
| CVE-2025-21001 | 1 Samsung | 1 Android | 2025-07-14 | N/A | 6.2 MEDIUM |
| Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to stop broadcasting Auracast. | |||||
| CVE-2024-34043 | 1 Linuxfoundation | 1 Ric-app-kpimon-go | 2025-07-14 | N/A | 5.3 MEDIUM |
| O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message. | |||||
| CVE-2024-10650 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-14 | N/A | 7.5 HIGH |
| An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups with 10 characters in a line, with multiple lines. This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. The exploitation now requires low privilege if authentication is enabled due to a version upgrade in Gradio. | |||||
| CVE-2024-5208 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-12 | N/A | 6.5 MEDIUM |
| An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to shut down by sending an empty body with a 'Content-Length: 0' header or by sending a body with arbitrary content, such as 'asdasdasd', with a 'Content-Length: 9' header. The vulnerability is reproducible by users with at least a 'Manager' role, sending a crafted request to any workspace. This issue indicates that a previous fix was not effective in mitigating the vulnerability. | |||||
| CVE-2024-10363 | 1 Librechat | 1 Librechat | 2025-07-11 | N/A | 5.4 MEDIUM |
| In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the admin. This can break application logic and permissions, allowing unauthorized actions. | |||||
| CVE-2024-27613 | 1 Numbas | 1 Editor | 2025-07-11 | N/A | 7.3 HIGH |
| Numbas editor before 7.3 mishandles reading of themes and extensions. | |||||
| CVE-2024-25591 | 1 Benjaminrojas | 1 Wp Editor | 2025-07-11 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor.This issue affects WP Editor: from n/a through 1.2.7. | |||||
| CVE-2025-49136 | 1 Nadh | 1 Listmonk | 2025-07-11 | N/A | 9.0 CRITICAL |
| listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a problem on single-user (super admin) installations, on multi-user installations, this allows non-super-admin users with campaign or template permissions to use the `{{ env }}` template expression to capture sensitive environment variables. Users should upgrade to v5.0.2 to mitigate the issue. | |||||
| CVE-2025-47775 | 1 Bullfrogsec | 1 Bullfrog | 2025-07-11 | N/A | 6.2 MEDIUM |
| Bullfrog is a GithHb Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using tcp breaks blocking and allows DNS exfiltration. This can result in sandbox bypass. Version 0.8.4 fixes the issue. | |||||
| CVE-2025-26481 | 1 Dell | 1 Powerscale Onefs | 2025-07-11 | N/A | 7.5 HIGH |
| Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to denial of service. | |||||