CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-8613 |
Description: A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of other users.
CVSS: HIGH (8.1) EPSS Score: 0.03%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8524 |
Description: A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint.
CVSS: HIGH (7.5) EPSS Score: 0.21%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8501 |
Description: An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file method. This can lead to unauthorized access to sensitive information, including configuration files, credentials, and potentially system files, which may facilitate further exploitation such as privilege escalation or lateral movement within the network.
CVSS: HIGH (7.5) EPSS Score: 0.06%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8489 |
Description: A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery (CSRF) due to overly permissive CORS headers. This issue affects the latest commit on the main branch (21161fe). The vulnerability permits an attacker to access all backend endpoints, including the `api/file` endpoint, enabling the reading of arbitrary files on the target's local file system through CSRF.
CVSS: HIGH (8.8) EPSS Score: 0.02%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8487 |
Description: A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can lead to unauthorized data access, information disclosure, and potential further exploitation, thereby compromising the integrity and confidentiality of the system.
CVSS: HIGH (7.4) EPSS Score: 0.02%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8438 |
Description: A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` does not properly sanitize the `path` parameter, allowing an attacker to read arbitrary files on the server.
CVSS: HIGH (7.5) EPSS Score: 0.06%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8249 |
Description: mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API endpoint, causing a server crash due to an uncaught exception. This issue is fixed in version 1.2.2.
CVSS: HIGH (7.5) EPSS Score: 0.06%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8248 |
Description: A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalation from manager to admin. The issue is fixed in version 1.2.2.
CVSS: HIGH (7.2) EPSS Score: 0.07%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8183 |
Description: A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruption, and data integrity risks.
CVSS: HIGH (7.6) EPSS Score: 0.02%
March 20th, 2025 (4 months ago)
|
|
CVE-2024-8156 |
Description: A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input `github.head.ref` is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version. An attacker can exploit this by creating a branch name with a malicious payload and opening a pull request, potentially leading to reverse shell access or theft of sensitive tokens and keys.
CVSS: HIGH (8.8) EPSS Score: 0.4%
March 20th, 2025 (4 months ago)
|