ZEROPATH WALL OF FAME
We're on a mission to secure the world's code.
All of the vulnerabilities listed have been found & fixed by ZeroPath. This selection represents a subset of vulnerabilities we've found in open source projects.
15 open source vulnerabilities found by ZeroPath (+ 10 in the responsible disclosure process)
CVE-2024-43035
2024-09-20
Local File Inclusion in Fonoster
A Local File Inclusion vulnerability was discovered in the Fonoster project.
CVE TBD
2024-09-20
Unauthorized Access to Any User's Jobs in LibrePhotos
Ability to delete any jobs (admin permission) in the LibrePhotos project.
CVE TBD
2024-09-20
Token Refresh Vulnerability in LibrePhotos
Persistence on any account via continuous token refreshing in the LibrePhotos project.
CVE TBD
2024-09-20
Unauthorized Conversation Deletion in RagFlow
Ability to delete anyone's conversation based on having the ID in the RagFlow project.
CVE TBD
2024-09-20
Unauthorized Canvas Deletion in RagFlow
Ability to delete anyone's canvas in the RagFlow project.
CVE TBD
2024-09-20
Unauthorized Knowledge Base Access in RagFlow
Ability to read anyone's knowledge base just by having the ID in the RagFlow project.
CVE TBD
2024-09-20
Unauthorized File Movement in RagFlow
Ability to move anyone's files just based on ID in the RagFlow project.
CVE TBD
2024-09-20
Unauthorized Conversation Access in RagFlow
Ability to read anyone's conversation just by having the ID in the RagFlow project.
CVE TBD
2024-09-20
Unauthorized API Key Removal in RagFlow
Ability to remove anyone's API key just based on having the ID in the RagFlow project.
CVE TBD
2024-09-20
Unauthorized Knowledge Base Enumeration in RagFlow
Ability to get information on anyone's knowledge base just by having the ID in the RagFlow project.
CVE TBD
2024-09-20
Unauthorized Dialog Deletion in RagFlow
Ability to delete anyone's dialog just by having the ID in the RagFlow project.
CVE TBD
2024-09-20
Local File Inclusion in E2nest
A Local File Inclusion vulnerability was discovered in the E2nest project.
CVE TBD
2024-09-20
Remote Code Execution in Uptrain
A Remote Code Execution vulnerability was discovered in the Uptrain project.
CVE TBD
2024-09-20
Command Injection in Clone-voice
A Command Injection vulnerability was discovered in the Clone-voice project.
CVE TBD
2024-09-20
File Upload and Path Traversal in LibrePhotos
A File Upload vulnerability combined with a Path Traversal vulnerability was discovered in the LibrePhotos project.