Lucene search
K

42 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-46384

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00298EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-42543

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.00294EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-27856

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00325EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:31 a.m.5 views

CVE-2024-5127

In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of role...

5.4CVSS6.8AI score0.00298EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:57 a.m.7 views

CVE-2024-2913

A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user...

6.5CVSS6.3AI score0.00325EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.5 views

CVE-2024-10359

In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker to inject a different user ID into the preset object, causing the preset to appear in the UI of...

4.6CVSS6.9AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/07 8:45 p.m.15 views

CVE-2024-47610 Stored Cross-site Scripting Vulnerability in Markdown Editor

InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addresse...

7.3CVSS6.5AI score0.00294EPSS
Exploits0References2
CVE
CVE
added 2024/10/07 8:45 p.m.54 views

CVE-2024-47610

The CVE-2024-47610 issue affects InvenTree before 0.16.5, where a registered user can store JavaScript in Markdown notes fields that are rendered for other logged-in users, enabling stored cross-site scripting (XSS). Root cause: lack of input sanitization in the Markdown rendering path and storag...

7.3CVSS7AI score0.00294EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/06/06 6:15 p.m.26 views

CVE-2024-5127

In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of role...

5.4CVSS0.00298EPSS
Exploits1References2
CVE
CVE
added 2024/06/06 5:26 p.m.49 views

CVE-2024-5127

CVE-2024-5127 affects lunary-ai/lunary versions 1.2.2–1.2.25 and describes an improper access-control vulnerability in the Team feature. The backend does not validate whether a user has paid for a plan before allowing invites with roles, enabling Free-plan users to invite members and assign roles...

5.4CVSS5.4AI score0.00298EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/06 5:26 p.m.14 views

CVE-2024-5127 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of role...

5.4CVSS6.8AI score0.00298EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/06/06 5:26 p.m.35 views

CVE-2024-5127 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of role...

5.4CVSS0.00298EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.5 views

PT-2024-34584 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.2.2 through 1.2.25 Description: The issue arises due to insufficient backend validation of roles and permissions, enabling unauthorized users to join a project and potentially exploit roles and permissions not...

5.4CVSS5.6AI score0.00298EPSS
Exploits1References7
OSV
OSV
added 2024/05/07 12:15 a.m.5 views

CVE-2024-2913

A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user...

6.5CVSS6.3AI score
Exploits0References1
CVE
CVE
added 2024/05/06 11:42 p.m.71 views

CVE-2024-2913

CVE-2024-2913 affects mintplex-labs/anything-llm in the user invite acceptance flow. Root cause: lack of validation for concurrent requests creates a race condition that lets multiple accounts be created from a single invite link intended for one user. Impact: unauthorized user creation without d...

6.5CVSS6.6AI score0.00325EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/06 11:42 p.m.21 views

CVE-2024-2913 Race Condition Vulnerability in mintplex-labs/anything-llm

A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user...

6.5CVSS6.8AI score0.00325EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/05/06 12:0 a.m.3 views

PT-2024-22751 · Unknown · Anything-Llm

Name of the Vulnerable Software and Affected Versions: anything-llm affected versions not specified Description: A race condition vulnerability exists in the user invite acceptance process, allowing attackers to create multiple user accounts from a single invite link by sending multiple concurren...

6.5CVSS6.2AI score0.00325EPSS
Exploits1References6
Veracode
Veracode
added 2024/02/06 10:43 a.m.14 views

Account Spoofing

phpMyFAQ is vulnerable to User Account Spoofing. The vulnerability is due to the user removal page lacking backend validation, allowing an attacker to manipulate form details by intercepting the request via a proxy, which can allow an attacker to trick an admin into removing the account...

6.5CVSS6.7AI score0.00587EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.5 views

SAP ERP 信任管理问题漏洞

SAP Cloud Connector is a connector for connecting to the SAP Cloud Platform from SAP Germany. SAP Cloud Connector 2.0 suffers from a trust management issue vulnerability that stems from SAP Cloud Connector being able to communicate with the backend without sufficiently validating certificates. An...

9.1CVSS5.7AI score0.00541EPSS
Exploits0References5
Prion
Prion
added 2019/07/09 8:15 p.m.16 views

Authentication flaw

In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter accesstoken this is the parameter used by the API. No valid token is required since it is not validated by the backend. The website can then be browsed as if no basic authentication is...

5CVSS7.7AI score0.01405EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder