infiniflow — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting infiniflow. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by infiniflow: infiniflow/ragflow, ragflow

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-28797 | RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component | ragflow | CWE-20 | 8.8 (AI) | High (AI) | 2026-04-03 |
| CVE-2026-24770 | RAGFlow Affected by Zip Slip Remote Code Execution (RCE) in MinerUParser | ragflow | CWE-22 | 9.8 | Critical | 2026-01-27 |
| CVE-2025-69286 | RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability | ragflow | CWE-340 | 9.8 | - | 2025-12-31 |
| CVE-2025-68700 | RAGFlow Remote Code Execution Vulnerability | ragflow | CWE-78 | 9.9 | - | 2025-12-31 |
| CVE-2025-48187 | RAGFlow security vulnerability | RAGFlow | CWE-307 | 9.1 | Critical | 2025-05-17 |
| CVE-2024-12779 | SSRF in infiniflow/ragflow | infiniflow/ragflow | CWE-918 | 7.5 | - | 2025-03-20 |
| CVE-2024-12869 | Improper Authentication in infiniflow/ragflow | infiniflow/ragflow | CWE-306 | 3.5 | - | 2025-03-20 |
| CVE-2024-12871 | Stored Cross-site Scripting (XSS) in infiniflow/ragflow | infiniflow/ragflow | CWE-79 | 5.4 | - | 2025-03-20 |
| CVE-2024-12450 | RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow | infiniflow/ragflow | CWE-918 | 9.1 | - | 2025-03-20 |
| CVE-2024-12870 | Stored Cross-site Scripting (XSS) in infiniflow/ragflow | infiniflow/ragflow | CWE-79 | 6.1 | - | 2025-03-20 |
| CVE-2024-12433 | Remote Code Execution in infiniflow/ragflow | infiniflow/ragflow | CWE-502 | 9.8 | - | 2025-03-20 |
| CVE-2024-12880 | Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow | infiniflow/ragflow | CWE-639 | 8.1 | - | 2025-03-20 |
| CVE-2025-27135 | RAGFlow SQL Injection vulnerability | ragflow | CWE-89 | 9.8 | - | 2025-02-25 |
| CVE-2025-25282 | Potential Insecure Direct Object Reference (IDOR) vulnerability in ragflow | ragflow | CWE-639 | 7.1 | - | 2025-02-21 |
| CVE-2024-10131 | Remote Code Execution in infiniflow/ragflow | infiniflow/ragflow | CWE-94 | 9.8 | - | 2024-10-19 |

This page lists every published CVE security advisory associated with infiniflow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.