21 matches found

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2024-17467

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 9.2 | EPSS 0.00637
Exploits: 1 | References: 2
CNVD
added 2025/03/27 12:00 a.m. | 11 views

lunary denial of service vulnerability (CNVD-2025-07601)

lunary is an open source production toolkit for LLM. A denial of service vulnerability exists in lunary that stems from the use of insecure regular expressions in the /v1/checklists endpoint. An attacker can exploit this vulnerability to cause a denial of service...

CVSS 7.5 | AI score 6.6 | EPSS 0.00753
Exploits: 1 | References: 1
CNVD
added 2025/03/27 12:00 a.m. | 4 views

lunary PATCH Endpoint Authorization Issue Vulnerability

lunary is an open source production toolkit for LLM. lunary has an authorization vulnerability that stems from improper management of PATCH endpoint privileges; an attacker can use this vulnerability to cause low-privilege users to modify others' models...

CVSS 6.5 | AI score 6.6 | EPSS 0.00399
Exploits: 1 | References: 1
CNVD
added 2025/03/27 12:00 a.m. | 3 views

Unspecified Vulnerability in Lunary

Lunary is an open source production toolkit for LLM. A security vulnerability exists in Lunary versions prior to 1.5.9, which stems from a security issue in /v1/evaluators/endpoints, and can be exploited by an attacker to delete evaluator data, resulting in permanent data loss and potentia...

CVSS 8.1 | AI score 6.7 | EPSS 0.00508
Exploits: 1 | References: 1
CNVD
added 2025/03/27 12:00 a.m. | 4 views

Unspecified vulnerability in Lunary (CNVD-2025-06939)

Lunary is an open source production toolkit for LLM. A security vulnerability exists in Lunary version be54057 that stems from allowing users to upload and execute arbitrary regular expressions, which can be exploited by an attacker to potentially cause a denial of service...

CVSS 7.5 | AI score 7.4 | EPSS 0.00761
Exploits: 1 | References: 1
CNVD
added 2025/03/27 12:00 a.m. | 6 views

lunary authorization issue vulnerability (CNVD-2025-07599)

lunary is an open source production toolkit for LLM. An authorization issue vulnerability exists in lunary that stems from the /checklists/:id route not being properly access controlled, which can be exploited by an attacker to cause a low-privileged user to modify the checklist...

CVSS 7.6 | AI score 6.6 | EPSS 0.0048
Exploits: 1 | References: 1
CNVD
added 2025/03/27 12:00 a.m. | 3 views

lunary /v1/templates/{id}/versions endpoint access control error vulnerability

lunary is an open source production toolkit for LLM. An access control error vulnerability exists in lunary, which stems from improper access control in the /v1/templates/id/versions endpoint, and can be exploited by an attacker to modify any user's templates...

CVSS 4.3 | AI score 6.6 | EPSS 0.01395
Exploits: 1 | References: 1
CNVD
added 2025/03/27 12:00 a.m. | 5 views

Unspecified vulnerability in Lunary (CNVD-2025-06934)

Lunary is an open source production toolkit for LLM. A security vulnerability exists in Lunary versions prior to 1.6.3 that stems from not enforcing unique constraints and can be exploited by an attacker to cause data integrity issues...

CVSS 6.5 | AI score 6.7 | EPSS 0.00535
Exploits: 1 | References: 1
CNVD
added 2025/03/27 12:00 a.m. | 6 views

Unspecified vulnerability in Lunary (CNVD-2025-06936)

Lunary is an open source production toolkit for LLM. A security vulnerability exists in Lunary version afc5df4 that stems from a flaw in the permission checking mechanism; an attacker can use this vulnerability to cause unauthorized access to sensitive endpoints...

CVSS 7.3 | AI score 6.5 | EPSS 0.0078
Exploits: 1 | References: 1
NVD
added 2025/03/20 10:15 a.m. | 6 views

CVE-2024-8764

A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute arbitrary regular expressions on the server side. This can lead to a Denial of Service (DoS) condition, as certain regular expressions can cause excessive resource consumption, blocking the server from...

CVSS 7.5 | EPSS 0.00761
Exploits: 1 | References: 2
Cvelist
added 2025/03/20 10:10 a.m. | 7 views

CVE-2024-8789 Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary

Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The application allows users to upload their own regular expressions, which are then executed on the server side. Certain regular expressions can have exponential runtime complexity relative...

CVSS 7.5 | EPSS 0.00761
Exploits: 1 | References: 2
CVE
added 2025/03/20 10:09 a.m. | 44 views

CVE-2024-8764

CVE-2024-8764 affects lunary-ai/lunary (commit be54057). The vulnerability allows users to upload and execute arbitrary regular expressions on the server side, leading to a potential Denial of Service due to excessive resource consumption. The impact is described as high availability risk. Public...

CVSS 7.5 | AI score 7.4 | EPSS 0.00761
Exploits: 1 | References: 2 | Affected Software: 1
CNVD
added 2024/11/19 12:00 a.m. | 7 views

lunary email bombing vulnerability

lunary is an open source production toolkit for LLM. An email bombing vulnerability exists in lunary that stems from a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. No detailed vulnerability details are provided at this time...

CVSS 7.5 | AI score 6.8 | EPSS 0.00438
Exploits: 0 | References: 1
CNVD
added 2024/11/01 12:00 a.m. | 7 views

lunary access control error vulnerability (CNVD-2025-09695)

lunary is an open source production toolkit for LLM. An access control error vulnerability exists in lunary that stems from not properly restricting permissions to update the SAML configuration. An attacker could use this vulnerability to modify the authentication process and steal user...

CVSS 9.1 | AI score 7.1 | EPSS 0.00625
Exploits: 1 | References: 1
CNVD
added 2024/09/18 12:00 a.m. | 1 views

lunary access control error vulnerability (CNVD-2025-09696)

lunary is an open source production toolkit for LLM. An access control error vulnerability exists in Lunary that stems from improper controls in the saml.ts file, which can be exploited by an attacker to cause unauthorized access and potential account takeover, where a user of an...

CVSS 6.5 | AI score 7 | EPSS 0.00417
Exploits: 1 | References: 1
CNVD
added 2024/06/13 12:00 a.m. | 1 views

Lunary Elevation of Privilege Vulnerability

lunary is an open source production toolkit for LLM. An elevation of privilege vulnerability exists in lunary that stems from a lack of authorization checking and can be exploited by an attacker to delete any dataset...

CVSS 8.2 | AI score 7.1 | EPSS 0.0045
Exploits: 1 | References: 1
CNVD
added 2024/06/13 12:00 a.m. | 1 views

Lunary Unauthorized Access Vulnerability

lunary is an open source production toolkit for LLM. lunary has an unauthorized access vulnerability that stems from the password recovery mechanism, in which the reset password token does not expire after use; an attacker can use this vulnerability by cracking the recovery token t...

CVSS 7.5 | AI score 7.1 | EPSS 0.00353
Exploits: 1 | References: 1
CNVD
added 2024/06/13 12:00 a.m. | 3 views

Lunary Cross-Site Request Forgery Vulnerability

lunary is a production toolkit for LLM. A cross-site request forgery vulnerability exists in lunary, which stems from a failure to validate a user-supplied URL, and can be exploited by an attacker to disclose sensitive information...

CVSS 9.3 | AI score 8.5 | EPSS 0.00417
Exploits: 1 | References: 1
CNNVD
added 2024/06/06 12:00 a.m. | 2 views

Lunary Security Vulnerability

lunary is an open source production toolkit for LLM. lunary has an unauthorized access vulnerability that stems from the password recovery mechanism, in which the reset password token does not expire after use; an attacker can use this vulnerability by cracking the recovery token t...

CVSS 7.5 | AI score 7 | EPSS 0.00353
Exploits: 1 | References: 2
CNVD
added 2024/05/07 12:00 a.m. | 1 views

lunary unsafe direct object reference vulnerability

lunary is a production toolkit for LLM. An insecure direct object reference vulnerability exists in lunary, which stems from an endpoint that does not validate that a supplied project ID belongs to a currently authenticated user, and can be exploited by an attacker to cause unauthorized...

CVSS 9.1 | AI score 9 | EPSS 0.00479
Exploits: 1 | References: 1