CVE ID : CVE-2025-48187
Published : May 17, 2025, 1:15 p.m. | 3 hours, 53 minutes ago
Description : RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Source: Read More