JFrog Security Research

Software Vulnerabilities

Last Updated On 20 Jan, 2025

144

Vulnerabilities
discovered

Fedify WebFinger Infinite Loop and Blind SSRFmediumCVE-2025-23221
CVE-2025-23221
CVE-2025-23221
medium
Discovered ByNatan Nehorai●
Published on 20 Jan, 2025 ●
JFSA-2024-001063927
Wget shorthand URLs SSRFmediumCVE-2024-10524
CVE-2024-10524
CVE-2024-10524
medium
Discovered ByGoni Golan●
Published on 19 Nov, 2024 ●
JFSA-2024-001039605
Mage AI pipeline interaction request remote arbitrary file leakmediumCVE-2024-45190
CVE-2024-45190
CVE-2024-45190
medium
Discovered ByOri Hollander●
Published on 23 Aug, 2024 ●
JFSA-2024-001039603
Mage AI file content request remote arbitrary file leakmediumCVE-2024-45188
CVE-2024-45188
CVE-2024-45188
medium
Discovered ByOri Hollander●
Published on 23 Aug, 2024 ●
JFSA-2024-001039604
Mage AI git content request remote arbitrary file leakmediumCVE-2024-45189
CVE-2024-45189
CVE-2024-45189
medium
Discovered ByOri Hollander●
Published on 23 Aug, 2024 ●
JFSA-2024-001039602
Mage AI deleted users RCEhighCVE-2024-45187
CVE-2024-45187
CVE-2024-45187
high
Discovered ByOri Hollander●
Published on 23 Aug, 2024 ●
JFSA-2024-001039574
Mage AI Terminal Server InfoleakmediumCVE-2024-8072
CVE-2024-8072
CVE-2024-8072
medium
Discovered ByOri Hollander●
Published on 22 Aug, 2024 ●
JFSA-2024-001039248
W&B Weave server remote arbitrary file leakhighCVE-2024-7340
CVE-2024-7340
CVE-2024-7340
high
Discovered ByNatan Nehorai and Uriya Yavnieli●
Published on 31 Jul, 2024 ●
JFSA-2024-001035518
H2O Model Deserialization RCEhighCVE-2024-6960
CVE-2024-6960
CVE-2024-6960
high
Discovered ByOri Hollander●
Published on 21 Jul, 2024 ●
JFSA-2024-001035519
Guardrails RAIL XXEmediumCVE-2024-6961
CVE-2024-6961
CVE-2024-6961
medium
Discovered ByNatan Nehorai●
Published on 21 Jul, 2024 ●