
CVE-2024-8982 – Local File Inclusion in bentoml/openllm
https://notcve.org/view.php?id=CVE-2024-8982
20 Mar 2025 — A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. ... Attackers could leverage the exposed information to further penetrate the network, exfiltrate data, or escalate privileges within the environment. • https://huntr.com/bounties/b7bdc9a1-51ac-402a-8e6e-0d977699aca6 • CWE-29: Path Traversal: '\.. •

CVE-2024-10513 – Path Traversal in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-10513
20 Mar 2025 — A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. ... This can lead to unauthorized access to sensitive data, privilege escalation, and potential data loss. • https://github.com/mintplex-labs/anything-llm/commit/47a5c7126c20e2277ee56e2c7ee11990886a40a7 • CWE-23: Relative Path Traversal •

CVE-2024-8501 – Arbitrary File Download in modelscope/agentscope
https://notcve.org/view.php?id=CVE-2024-8501
20 Mar 2025 — This can lead to unauthorized access to sensitive information, including configuration files, credentials, and potentially system files, which may facilitate further exploitation such as privilege escalation or lateral movement within the network. • https://huntr.com/bounties/83e433c0-ed2d-4b10-8358-d3c1eee0a47c • CWE-36: Absolute Path Traversal •

CVE-2024-48590
https://notcve.org/view.php?id=CVE-2024-48590
20 Mar 2025 — This allows an attacker to escalate privileges and obtain sensitive information. • https://github.com/GCatt-AS/CVE-2024-48590 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2025-26393 – SolarWinds Service Desk Broken Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2025-26393
17 Mar 2025 — The issue allows authenticated users to escalate privileges, leading to unauthorized data manipulation. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26393 • CWE-653: Improper Isolation or Compartmentalization •

CVE-2025-26125
https://notcve.org/view.php?id=CVE-2025-26125
17 Mar 2025 — An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges. • https://github.com/ZeroMemoryEx/CVE-2025-26125 • CWE-782: Exposed IOCTL with Insufficient Access Control •

CVE-2025-29775 – xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
https://notcve.org/view.php?id=CVE-2025-29775
14 Mar 2025 — For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. • https://github.com/ethicalPap/CVE-2025-29775 • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2025-29774 – xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
https://notcve.org/view.php?id=CVE-2025-29774
14 Mar 2025 — For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. • https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2024-57062
https://notcve.org/view.php?id=CVE-2024-57062
13 Mar 2025 — An issue in SoundCloud iOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. • http://soundcloud.com • CWE-269: Improper Privilege Management •

CVE-2025-25598
https://notcve.org/view.php?id=CVE-2025-25598
13 Mar 2025 — Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task. • https://github.com/quriusfox/vulnerability-research/tree/main/CVE-2025-25598 • CWE-284: Improper Access Control •