70 matches found
CVE-2024-6839
CVE-2024-6839 is a confirmed issue in corydolphin/flask-cors 4.0.1 where improper regex path matching lets less restrictive CORS policies apply to sensitive endpoints due to priority bias toward longer regexes. The vulnerability can enable unauthorized cross-origin access to data or functionality...
anything-llm 安全漏洞
anything-llm is an all-in-one desktop and Docker AI application open-sourced by Mintplex. A security vulnerability exists in anything-llm that stems from a low-privileged user having access to sensitive API endpoints, which could lead to API key disclosure and denial of service...
Lunary 安全漏洞
Lunary is Lunary open source a production toolkit for LLM . Lunary afc5df4 version of a security vulnerability , the vulnerability stems from a flaw in the permission checking mechanism , an attacker can use this vulnerability to cause unauthorized access to sensitive endpoints...
PT-2025-12244 · Unknown · Lunary-Ai/Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version git afc5df4 Description: The privilege check mechanism in lunary-ai/lunary is flawed, allowing unauthenticated attackers to access sensitive endpoints by including "/auth/" in the path. This is because the system...
CVE-2024-57176
An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL...
CVE-2024-57176
An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL...
PT-2025-7447 · Unknown · White-Jotter
Name of the Vulnerable Software and Affected Versions: White-Jotter version 0.2.2 Description: An issue in the shiroFilter function allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL. Recommendations: Update to a newer version of White-Jotter that...
CVE-2024-57176
CVE-2024-57176 affects White-Jotter v0.2.2. Multiple sources describe a vulnerability in the shiroFilter function that allows directory traversal, enabling an attacker to access sensitive endpoints via a crafted URL. The issue is documented across CVE registries and vendor advisories with consist...
White-Jotter 安全漏洞
White-Jotter is a front-end and back-end separation project developed by Antabot individual developer using Vue+Spring Boot, with a full set of development tutorials. White-Jotter has a security vulnerability that stems from an issue in the shiroFilter function. An attacker exploiting this...
CVE-2024-57176
An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL...
CVE-2024-1646
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized...
PT-2025-3220 · Elementor · Move Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Move Addons for Elementor versions 1.3.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting XSS. This enables attackers to inject malicious...
CVE-2024-1646
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized...
CVE-2024-1646
CVE-2024-1646 affects parisneo/lollms-webui. The vulnerability is an authentication bypass caused by insufficient protection over sensitive endpoints; the app only checks that the host parameter is not '0.0.0.0', which is inadequate when bound to a specific interface. This allows unauthorized acc...
CVE-2024-1646 Authentication Bypass in parisneo/lollms-webui
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized...
CVE-2024-1646 Authentication Bypass in parisneo/lollms-webui
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized...
PT-2024-18193 · Unknown · Parisneo/Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui affected versions not specified Description: The issue is related to insufficient protection over sensitive endpoints, allowing unauthorized access when the application is bound to a specific interface. This is due to th...
LoLLMs 安全漏洞
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs that stems from inadequate protection of sensitive endpoints, allowing unauthorized access to endpoints such as /restartprogram, /updatesoftware, /,...
PT-2023-3351 · Fortinet · Fortisiem
Name of the Vulnerable Software and Affected Versions: FortiSIEM versions prior to 7.0.0 Description: The issue is related to an improper restriction of excessive authentication attempts, which may allow a non-privileged user with access to several endpoints to perform a brute force attack on the...
Spring Boot Actuator Sensitive Endpoints Detected
Spring Boot Actuator endpoints let you monitor and interact with your application. Spring Boot includes a number of built-in endpoints and lets you add your own. For example, the 'health' endpoint provides basic application health information. But some of these endpoints are considered sensitive...