目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

infiniflow 厂商漏洞列表 / CVE 中文分析 15

infiniflow 厂商相关 15 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

InfiniFlow 是一家专注于企业级智能搜索与知识管理系统的厂商,其产品提供文档处理、语义检索和AI增强功能。历史漏洞记录显示,该系统曾存在远程代码执行、跨站脚本请求伪造和权限绕过等安全问题,主要涉及API接口和文件上传模块。截至最新统计,已公开的安全漏洞达15个,其中多个高危漏洞可导致未授权访问或系统控制,建议用户及时更新版本并加强访问控制。

上位製品 infiniflow: infiniflow/ragflow ragflow
CVE IDタイトルCVSS深刻度公開日
CVE-2026-28797 RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component — ragflowCWE-20 8.8AIHighAI2026-04-03
CVE-2026-24770 RAGFlow Affected by Zip Slip Remote Code Execution (RCE) in MinerUParser — ragflowCWE-22 9.8 Critical2026-01-27
CVE-2025-69286 RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability — ragflowCWE-340 9.8 -2025-12-31
CVE-2025-68700 RAGFlow Remote Code Execution Vulnerability — ragflowCWE-78 9.9 -2025-12-31
CVE-2025-48187 RAGFlow 安全漏洞 — RAGFlowCWE-307 9.1 Critical2025-05-17
CVE-2024-12779 SSRF in infiniflow/ragflow — infiniflow/ragflowCWE-918 7.5 -2025-03-20
CVE-2024-12869 Improper Authentication in infiniflow/ragflow — infiniflow/ragflowCWE-306 3.5 -2025-03-20
CVE-2024-12871 Stored Cross-site Scripting (XSS) in infiniflow/ragflow — infiniflow/ragflowCWE-79 5.4 -2025-03-20
CVE-2024-12450 RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow — infiniflow/ragflowCWE-918 9.1 -2025-03-20
CVE-2024-12870 Stored Cross-site Scripting (XSS) in infiniflow/ragflow — infiniflow/ragflowCWE-79 6.1 -2025-03-20
CVE-2024-12433 Remote Code Execution in infiniflow/ragflow — infiniflow/ragflowCWE-502 9.8 -2025-03-20
CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow — infiniflow/ragflowCWE-639 8.1 -2025-03-20
CVE-2025-27135 RAGFlow SQL Injection vulnerability — ragflowCWE-89 9.8 -2025-02-25
CVE-2025-25282 Potential Insecure Direct Object Reference (IDOR) vulnerability in ragflow — ragflowCWE-639 7.1 -2025-02-21
CVE-2024-10131 Remote Code Execution in infiniflow/ragflow — infiniflow/ragflowCWE-94 9.8 -2024-10-19

本页汇总了 infiniflow 厂商截至目前公开的全部 15 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。