Vulnerabilidades en infiniflow
16 resultadosCVE-2024-12433CRITICALRemote Code Execution in infiniflow/ragflowEPSS 1.5%CVE-2024-12450MEDIUMRCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflowEPSS 1.2%CVE-2024-10131HIGHRemote Code Execution in infiniflow/ragflowEPSS 1.1%CVE-2026-24770CRITICALRAGFlow Affected by Zip Slip Remote Code Execution (RCE) in MinerUParserEPSS 0.9%CVE-2024-12880HIGHPartial Account Takeover due to Insecure Data Querying in infiniflow/ragflowEPSS 0.6%CVE-2024-12779MEDIUMSSRF in infiniflow/ragflowEPSS 0.6%CVE-2025-27135HIGHRAGFlow SQL Injection vulnerabilityEPSS 0.6%CVE-2024-12869MEDIUMImproper Authentication in infiniflow/ragflowEPSS 0.5%CVE-2025-69286HIGHRAGFlow has Predictable Token Generation Leading to Authentication Bypass VulnerabilityEPSS 0.5%CVE-2025-48187CRITICALRAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification cEPSS 0.5%CVE-2025-68700HIGHRAGFlow Remote Code Execution VulnerabilityEPSS 0.5%CVE-2024-12870MEDIUMStored Cross-site Scripting (XSS) in infiniflow/ragflowEPSS 0.5%CVE-2025-25282HIGHPotential Insecure Direct Object Reference (IDOR) vulnerability in ragflowEPSS 0.4%CVE-2026-28797HIGHRAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" ComponentEPSS 0.4%CVE-2024-12871MEDIUMStored Cross-site Scripting (XSS) in infiniflow/ragflowEPSS 0.4%CVE-2026-45312CRITICALRAGFlow: Server-Side Template Injection in Prompt Generator leads to Remote Code ExecutionEPSS 0.3%