Lucene search
K

70 matches found

CVE
CVE
added 2025/03/20 10:9 a.m.206 views

CVE-2024-6839

CVE-2024-6839 is a confirmed issue in corydolphin/flask-cors 4.0.1 where improper regex path matching lets less restrictive CORS policies apply to sensitive endpoints due to priority bias toward longer regexes. The vulnerability can enable unauthorized cross-origin access to data or functionality...

5.3CVSS4.6AI score0.00652EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

anything-llm 安全漏洞

anything-llm is an all-in-one desktop and Docker AI application open-sourced by Mintplex. A security vulnerability exists in anything-llm that stems from a low-privileged user having access to sensitive API endpoints, which could lead to API key disclosure and denial of service...

8.3CVSS8.1AI score0.00488EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.8 views

Lunary 安全漏洞

Lunary is Lunary open source a production toolkit for LLM . Lunary afc5df4 version of a security vulnerability , the vulnerability stems from a flaw in the permission checking mechanism , an attacker can use this vulnerability to cause unauthorized access to sensitive endpoints...

7.3CVSS7.2AI score0.0078EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.6 views

PT-2025-12244 · Unknown · Lunary-Ai/Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version git afc5df4 Description: The privilege check mechanism in lunary-ai/lunary is flawed, allowing unauthenticated attackers to access sensitive endpoints by including "/auth/" in the path. This is because the system...

7.3CVSS7.2AI score0.0078EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/02/23 12:18 a.m.7 views

CVE-2024-57176

An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL...

7.6CVSS6.9AI score0.00493EPSS
Exploits1References1
NVD
NVD
added 2025/02/21 6:15 p.m.9 views

CVE-2024-57176

An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL...

7.6CVSS0.00493EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/21 12:0 a.m.5 views

PT-2025-7447 · Unknown · White-Jotter

Name of the Vulnerable Software and Affected Versions: White-Jotter version 0.2.2 Description: An issue in the shiroFilter function allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL. Recommendations: Update to a newer version of White-Jotter that...

7.6CVSS6.5AI score0.00493EPSS
Exploits1References7
CVE
CVE
added 2025/02/21 12:0 a.m.68 views

CVE-2024-57176

CVE-2024-57176 affects White-Jotter v0.2.2. Multiple sources describe a vulnerability in the shiroFilter function that allows directory traversal, enabling an attacker to access sensitive endpoints via a crafted URL. The issue is documented across CVE registries and vendor advisories with consist...

7.6CVSS6.6AI score0.00493EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/02/21 12:0 a.m.5 views

White-Jotter 安全漏洞

White-Jotter is a front-end and back-end separation project developed by Antabot individual developer using Vue+Spring Boot, with a full set of development tutorials. White-Jotter has a security vulnerability that stems from an issue in the shiroFilter function. An attacker exploiting this...

7.6CVSS6.5AI score0.00493EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/02/21 12:0 a.m.5 views

CVE-2024-57176

An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL...

7.5AI score0.00493EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:30 a.m.9 views

CVE-2024-1646

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized...

8.2CVSS8.3AI score0.00701EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.9 views

PT-2025-3220 · Elementor · Move Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Move Addons for Elementor versions 1.3.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting XSS. This enables attackers to inject malicious...

6.5CVSS9AI score0.00329EPSS
Exploits0References6
NVD
NVD
added 2024/04/16 12:15 a.m.18 views

CVE-2024-1646

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized...

8.2CVSS8.3AI score0.00701EPSS
Exploits1References2
CVE
CVE
added 2024/04/16 12:0 a.m.72 views

CVE-2024-1646

CVE-2024-1646 affects parisneo/lollms-webui. The vulnerability is an authentication bypass caused by insufficient protection over sensitive endpoints; the app only checks that the host parameter is not '0.0.0.0', which is inadequate when bound to a specific interface. This allows unauthorized acc...

8.2CVSS7AI score0.00701EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.17 views

CVE-2024-1646 Authentication Bypass in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized...

8.2CVSS7.1AI score0.00701EPSS
Exploits1References2
OSV
OSV
added 2024/04/16 12:0 a.m.12 views

CVE-2024-1646 Authentication Bypass in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized...

8.2CVSS7.2AI score0.00701EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.7 views

PT-2024-18193 · Unknown · Parisneo/Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui affected versions not specified Description: The issue is related to insufficient protection over sensitive endpoints, allowing unauthorized access when the application is bound to a specific interface. This is due to th...

8.2CVSS8AI score0.00701EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.5 views

LoLLMs 安全漏洞

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs that stems from inadequate protection of sensitive endpoints, allowing unauthorized access to endpoints such as /restartprogram, /updatesoftware, /,...

8.2CVSS8.1AI score0.00701EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/06/09 12:0 a.m.4 views

PT-2023-3351 · Fortinet · Fortisiem

Name of the Vulnerable Software and Affected Versions: FortiSIEM versions prior to 7.0.0 Description: The issue is related to an improper restriction of excessive authentication attempts, which may allow a non-privileged user with access to several endpoints to perform a brute force attack on the...

8.8CVSS8.7AI score0.00534EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/03/24 12:0 a.m.13 views

Spring Boot Actuator Sensitive Endpoints Detected

Spring Boot Actuator endpoints let you monitor and interact with your application. Spring Boot includes a number of built-in endpoints and lets you add your own. For example, the 'health' endpoint provides basic application health information. But some of these endpoints are considered sensitive...

7.3AI score
Exploits0References1
Rows per page
Query Builder