21 matches found
EUVD-2024-17467
Malicious code in bioql PyPI...
lunary denial of service vulnerability (CNVD-2025-07601)
lunary is an open source production toolkit for LLMs. A denial of service vulnerability exists in lunary that stems from the use of insecure regular expressions in the /v1/checklists endpoint. An attacker can exploit this vulnerability to cause a denial of service...
lunary PATCH Endpoint Authorization Issue Vulnerability
lunary is an open source production toolkit for LLMs. lunary has an authorization vulnerability that stems from improper management of PATCH endpoint privileges; an attacker can use this vulnerability to cause low-privilege users to modify others' models...
Unspecified Vulnerability in Lunary
Lunary is an open source production toolkit for LLMs. A security vulnerability exists in Lunary versions prior to 1.5.9, which stems from a security issue in /v1/evaluators/endpoints, and can be exploited by an attacker to delete evaluator data, resulting in permanent data loss and potentia...
Unspecified vulnerability in Lunary (CNVD-2025-06939)
Lunary is an open source production toolkit for LLMs. A security vulnerability exists in Lunary version be54057 that stems from allowing users to upload and execute arbitrary regular expressions, which can be exploited by an attacker to potentially cause a denial of service...
lunary authorization issue vulnerability (CNVD-2025-07599)
lunary is an open source production toolkit for LLMs. An authorization issue vulnerability exists in lunary that stems from the /checklists/:id route not being properly access controlled, which can be exploited by an attacker to cause a low-privileged user to modify the checklist...
lunary /v1/templates/{id}/versions endpoint access control error vulnerability
lunary is an open source production toolkit for LLMs. An access control error vulnerability exists in lunary, which stems from improper access control in the /v1/templates/{id}/versions endpoint, and can be exploited by an attacker to modify any user's templates...
Unspecified vulnerability in Lunary (CNVD-2025-06934)
Lunary is an open source production toolkit for LLMs. A security vulnerability exists in Lunary versions prior to 1.6.3 that stems from not enforcing unique constraints and can be exploited by an attacker to cause data integrity issues...
Unspecified vulnerability in Lunary (CNVD-2025-06936)
Lunary is an open source production toolkit for LLMs. A security vulnerability exists in Lunary version afc5df4 that stems from a flaw in the permission checking mechanism; an attacker can use this vulnerability to cause unauthorized access to sensitive endpoints...
CVE-2024-8764
A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute arbitrary regular expressions on the server side. This can lead to a Denial of Service (DoS) condition, as certain regular expressions can cause excessive resource consumption, blocking the server from...
CVE-2024-8789 Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary
Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The application allows users to upload their own regular expressions, which are then executed on the server side. Certain regular expressions can have exponential runtime complexity relative...
CVE-2024-8764
CVE-2024-8764 affects lunary-ai/lunary (commit be54057). The vulnerability allows users to upload and execute arbitrary regular expressions on the server side, leading to a potential Denial of Service due to excessive resource consumption. The impact is described as high availability risk. Public...
lunary email bombing vulnerability
lunary is an open source production toolkit for LLMs. An email bombing vulnerability exists in lunary that stems from a lack of rate limiting on the forgot password page. No detailed vulnerability details are provided at this time...
lunary access control error vulnerability (CNVD-2025-09695)
lunary is an open source production toolkit for LLMs. An access control error vulnerability exists in lunary that stems from not properly restricting permissions to update the SAML configuration. An attacker could use this vulnerability to modify the authentication process and steal user...
lunary access control error vulnerability (CNVD-2025-09696)
lunary is an open source production toolkit for LLMs. An access control error vulnerability exists in Lunary that stems from improper controls in the saml.ts file, which can be exploited by an attacker to cause unauthorized access and potential account takeover, where a user of an...
Lunary Elevation of Privilege Vulnerability
lunary is an open source production toolkit for LLMs. An elevation of privilege vulnerability exists in lunary that stems from a lack of authorization checking and can be exploited by an attacker to delete any dataset...
Lunary Unauthorized Access Vulnerability
lunary is an open source production toolkit for LLMs. lunary has an unauthorized access vulnerability that stems from the password recovery mechanism, in which the reset password token does not expire after use; an attacker can use this vulnerability by cracking the recovery token t...
Lunary Cross-Site Request Forgery Vulnerability
lunary is a production toolkit for LLMs. A cross-site request forgery vulnerability exists in lunary, which stems from a failure to validate a user-supplied URL, and can be exploited by an attacker to disclose sensitive information...
Lunary Security Vulnerability
lunary is an open source production toolkit for LLMs. lunary has an unauthorized access vulnerability that stems from the password recovery mechanism, in which the reset password token does not expire after use; an attacker can use this vulnerability by cracking the recovery token t...
lunary unsafe direct object reference vulnerability
lunary is a production toolkit for LLMs. An insecure direct object reference vulnerability exists in lunary, which stems from an endpoint that does not validate that a supplied project ID belongs to a currently authenticated user, and can be exploited by an attacker to cause unauthorized...