Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 04 May 2026 10:45:51 +0000 907c938c-2d5d-4cd7-aaa6-7304292c0e51 https://vulnerability.circl.lu/sighting/907c938c-2d5d-4cd7-aaa6-7304292c0e51/export {"uuid": "907c938c-2d5d-4cd7-aaa6-7304292c0e51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10131", "type": "seen", "source": "https://t.me/cvedetector/8350", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-10131 - InfiniFlow RCE via User-Controlled Class Instantiation\", \n \"Content\": \"CVE ID : CVE-2024-10131 \nPublished : Oct. 19, 2024, 4:15 a.m. | 39\u00a0minutes ago \nDescription : The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input `req['llm_factory']` and `req['llm_name']` to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to potentially execute arbitrary code due to the lack of comprehensive input validation or sanitization. An attacker could provide a malicious value for 'llm_factory' that, when used as an index to these model dictionaries, results in the execution of arbitrary code. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"19 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-19T07:07:52.000000Z"} {"uuid": "907c938c-2d5d-4cd7-aaa6-7304292c0e51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10131", "type": "seen", "source": "https://t.me/cvedetector/8350", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-10131 - InfiniFlow RCE via User-Controlled Class Instantiation\", \n \"Content\": \"CVE ID : CVE-2024-10131 \nPublished : Oct. 19, 2024, 4:15 a.m. | 39\u00a0minutes ago \nDescription : The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input `req['llm_factory']` and `req['llm_name']` to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to potentially execute arbitrary code due to the lack of comprehensive input validation or sanitization. An attacker could provide a malicious value for 'llm_factory' that, when used as an index to these model dictionaries, results in the execution of arbitrary code. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"19 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-19T07:07:52.000000Z"} https://vulnerability.circl.lu/sighting/907c938c-2d5d-4cd7-aaa6-7304292c0e51/export Sat, 19 Oct 2024 07:07:52 +0000