ZEROPATH WALL OF FAME

We're on a mission to secure the world's code.

All of the vulnerabilities listed have been found & fixed by ZeroPath. This selection represents a subset of vulnerabilities we've found in open source projects.

15

Open source vulnerabilities found by ZeroPath

+ 10 in the responsible disclosure process

CVE-2024-43035

2024-09-20

Local File Inclusion in Fonoster

A Local File Inclusion vulnerability was discovered in the Fonoster project.

CVE TBD

2024-09-20

Unauthorized Access to Any User's Jobs in LibrePhotos

Ability to delete any jobs (admin permission) in the LibrePhotos project.

CVE TBD

2024-09-20

Token Refresh Vulnerability in LibrePhotos

Persistence on any account via continuous token refreshing in the LibrePhotos project.

CVE TBD

2024-09-20

Unauthorized Conversation Deletion in RagFlow

Ability to delete anyone's conversation based on having the ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized Canvas Deletion in RagFlow

Ability to delete anyone's canvas in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized Knowledge Base Access in RagFlow

Ability to read anyone's knowledge base just by having the ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized File Movement in RagFlow

Ability to move anyone's files just based on ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized Conversation Access in RagFlow

Ability to read anyone's conversation just by having the ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized API Key Removal in RagFlow

Ability to remove anyone's API key just based on having the ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized Knowledge Base Enumeration in RagFlow

Ability to get information on anyone's knowledge base just by having the ID in the RagFlow project.

CVE TBD

2024-09-20

Unauthorized Dialog Deletion in RagFlow

Ability to delete anyone's dialog just by having the ID in the RagFlow project.

CVE TBD

2024-09-20

Local File Inclusion in E2nest

A Local File Inclusion vulnerability was discovered in the E2nest project.

CVE TBD

2024-09-20

Remote Code Execution in Uptrain

A Remote Code Execution vulnerability was discovered in the Uptrain project.

CVE TBD

2024-09-20

Command Injection in Clone-voice

A Command Injection vulnerability was discovered in the Clone-voice project.

CVE TBD

2024-09-20

File Upload and Path Traversal in LibrePhotos

A File Upload vulnerability combined with a Path Traversal vulnerability was discovered in the LibrePhotos project.

Ready for effortless AppSec?

Get a live ZeroPath tour.

Schedule a demo with one of the founders Dean Valentine Raphael Karger Nathan Hrncirik Yaacov Tarko to get started.