PULSE
LIVE18signals / 24h
FEED
ransomincransom reclama a v-silicon.com · TW · Technologyransomincransom reclama a FAST.COM.PH · PH · Technologyransomincransom reclama a D.MAG New Material Technology Co., Ltd. Taiwan Giant · TW · Manufacturingransomincransom reclama a vedan corp · VN · Agriculture and Food Productionransomincransom reclama a reatile.co.za · ZA · Not Foundransomincransom reclama a V&P Nurseries · US · Agriculture and Food Productionransomqilin reclama a Powder River Heating & Air Conditioning · US · Consumer Servicesransomqilin reclama a Droguería Martorani · AR · Consumer Servicesransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomincransom reclama a v-silicon.com · TW · Technologyransomincransom reclama a FAST.COM.PH · PH · Technologyransomincransom reclama a D.MAG New Material Technology Co., Ltd. Taiwan Giant · TW · Manufacturingransomincransom reclama a vedan corp · VN · Agriculture and Food Productionransomincransom reclama a reatile.co.za · ZA · Not Foundransomincransom reclama a V&P Nurseries · US · Agriculture and Food Productionransomqilin reclama a Powder River Heating & Air Conditioning · US · Consumer Servicesransomqilin reclama a Droguería Martorani · AR · Consumer Servicesransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturing
← All CVEs
CVE WatchJul 15, 2026

CVE-2025-45691

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerabil

CVSS

7.5

High

EPSS

0.5%

p41

KEV

Exploit Today

12

0-100

Published: Mar 5, 2026 · Last modified: Jul 15, 2026 · CWE-22 · CWE-918

EPSS · 30d
0.5%EPSS · 30 days0.5%
2026-06-302026-07-17
Technical description

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.

Official references
Related CVEs
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2023-389507.5 HIG
99.7%
KEV80ZKTeco BioTime Path Traversal Vulnerability9d
CVE-2026-202308.6 HIG
98.5%
KEV80Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability17d
CVE-2026-4828210.0 CRI
97.9%
KEV79Adobe ColdFusion Path Traversal Vulnerability10d
CVE-2026-1540910.0 CRI
66.5%
KEV70SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability2d
CVE-2020-248819.8 CRI
99.4%
30SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.8d
CVE-2026-445788.6 HIG
98.4%
30Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to arbitrary internal or external destinations, which may expose internal services or cloud metadata endpoints. Vercel-hosted deployments are not affected. This vulnerability is fixed in 15.5.16 and 16.2.5.2d