← Back

Davinci

davinci

Vendor: Davinci Project • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-31847
1Davinci Project
1Davinci
Jan 22, 2025
May 17, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.
CVE-2023-31848
1Davinci Project
1Davinci
Jan 23, 2025
May 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF).
CVE-2023-24206
1Davinci Project
1Davinci
Nov 21, 2024
Feb 27, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.