CVE-2024-5822 : GAIZHENBIAO CHUANHUCHATGPT UP TO 20240410 SERVER-SIDE REQUEST FORGERY
Description A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions
CVE-2024-5980 : LIGHTNING-AI PYTORCH-LIGHTNING UP TO 2.2.4 API ENDPOINT /V1/RUNS UNRESTRICTED UPLOAD
Description A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is…
CVE-2024-5751 : BERRIAI LITELLM UP TO 1.35.8 ENVIRONMENT VARIABLE ADD_DEPLOYMENT CODE INJECTION
Description BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and…
CVE-2024-5826 : VANNA-AI VANNA SRC/VANNA/BASE/BASE.PY VANNA.ASK CODE INJECTION
Description In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection. The root cause is the…
CVE-2024-3330 : SPOTFIRE ANALYST/SERVER/FOR AWS MARKETPLACE PRIVILEGE ESCALATION
Description Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution…
CVE-2024-6127 : BC SECURITY EMPIRE UP TO 5.9.2 PATH TRAVERSAL
Description BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can…