EUVD-2024-46387

Malicious code in bioql PyPI...

EUVD-2024-32334

Malicious code in bioql PyPI...

CVE-2024-3761

In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at packages/backend/src/api/v1/datasets is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a datas...

CVE-2024-5130

An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, which allows unauthenticated users to delete any dataset. The vulnerability is due to the lack of proper authorization checks in the dataset deletion endpoint. Specifically, the endpoint does n...

Lunary Authorization Issues Vulnerability

Lunary is lunary open source a production toolkit for LLM. Lunary has an authorization issue vulnerability that stems from the lack of proper authorization checks in the dataset deletion end node, which can be exploited by an attacker to delete any dataset...

Lunary Elevation of Privilege Vulnerability

lunary is lunary open source a production toolkit for LLM . An elevation of privilege vulnerability exists in lunary that stems from a lack of authorization checking and can be exploited by an attacker to delete any dataset...

CVE-2024-5129

A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset deletion functionality, where the application fails to verify if the user requesting the deletion...

CVE-2024-5130

An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, which allows unauthenticated users to delete any dataset. The vulnerability is due to the lack of proper authorization checks in the dataset deletion endpoint. Specifically, the endpoint does n...

CVE-2024-5130

An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, which allows unauthenticated users to delete any dataset. The vulnerability is due to the lack of proper authorization checks in the dataset deletion endpoint. Specifically, the endpoint does n...

CVE-2024-5129

A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset deletion functionality, where the application fails to verify if the user requesting the deletion...

CVE-2024-5130 Incorrect Authorization in lunary-ai/lunary

An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, which allows unauthenticated users to delete any dataset. The vulnerability is due to the lack of proper authorization checks in the dataset deletion endpoint. Specifically, the endpoint does n...

CVE-2024-5129 Privilege Escalation Vulnerability in lunary-ai/lunary

A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset deletion functionality, where the application fails to verify if the user requesting the deletion...

CVE-2024-5129

The CVE-2024-5129 entry concerns lunary-ai/lunary version 1.2.2 where the datasets.delete function lacks authorization checks. This allows an unauthenticated user to delete any dataset by issuing a DELETE request with the dataset ID, constituting a privilege-escalation/unauthorized data deletion ...

CVE-2024-5129 Privilege Escalation Vulnerability in lunary-ai/lunary

A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset deletion functionality, where the application fails to verify if the user requesting the deletion...

Lunary 安全漏洞

lunary is lunary open source a production toolkit for LLM . An elevation of privilege vulnerability exists in lunary that stems from a lack of authorization checking and can be exploited by an attacker to delete any dataset...

Lunary 安全漏洞

Lunary is lunary open source a production toolkit for LLM. Lunary has an authorization issue vulnerability that stems from the lack of proper authorization checks in the dataset deletion end node, which can be exploited by an attacker to delete any dataset...

PT-2024-34586 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.2 Description: A Privilege Escalation issue exists due to missing authorization checks, allowing any user to delete datasets. The issue is present in the dataset deletion functionality, where the application fails...

lunary authorization issue vulnerability (CNVD-2025-12114)

lunary is a production toolkit for LLM. An authorization issue vulnerability exists in lunary, which stems from a lack of authorization and authentication mechanisms, and can be exploited by an attacker to delete a dataset by sending a DELETE request to an endpoint...

CVE-2024-3761

In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at packages/backend/src/api/v1/datasets is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a datas...

CVE-2024-3761

In lunary-ai/lunary, version 1.2.2 contains an unauthorized deletion vulnerability on the DELETE endpoint at packages/backend/src/api/v1/datasets due to missing authorization/authentication. This allows any user (no token required) to delete a dataset, potentially causing data loss or service dis...