2010 matches found

OSV · added 2024/04/16 12:15 a.m. · 16 views

CVE-2024-1665

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 6.6
Exploits 0
NVD · added 2024/04/16 12:15 a.m. · 14 views

CVE-2024-1738

An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. This vulnerability allows unauthorized users to retrieve the results of any organization's evaluation by simply knowing the evaluation...

CVSS 7.5 · AI score 7.7 · EPSS 0.0055
Exploits 1 · References 2
OSV · added 2024/04/16 12:15 a.m. · 27 views

CVE-2024-1738

An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. This vulnerability allows unauthorized users to retrieve the results of any organization's evaluation by simply knowing the evaluation...

CVSS 7.5 · AI score 7.5 · EPSS 0.0055
Exploits 1 · References 2
OSV · added 2024/04/16 12:15 a.m. · 20 views

CVE-2024-0404

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

CVSS 9.1 · AI score 6.8
Exploits 0 · References 2
NVD · added 2024/04/16 12:15 a.m. · 7 views

CVE-2024-0404

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

CVSS 9.1 · AI score 9.1 · EPSS 0.00783
Exploits 1 · References 2
Vulnrichment · added 2024/04/16 12:00 a.m. · 18 views

CVE-2024-2083 Directory Traversal in zenml-io/zenml

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The...

CVSS 9.9 · AI score 9.5 · EPSS 0.3909
Exploits 2 · References 2
CVE · added 2024/04/16 12:00 a.m. · 95 views

CVE-2024-2083

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically in the /api/v1/steps endpoint. Exploitation opportunities arise by manipulating the logs URI path, bypassing access restrictions due to lack of validation for directory traversal patterns. The issue is descr...

CVSS 9.9 · AI score 9.4 · EPSS 0.3909
Exploits 2 · References 2 · Affected Software 1
Cvelist · added 2024/04/16 12:00 a.m. · 14 views

CVE-2024-2083 Directory Traversal in zenml-io/zenml

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The...

CVSS 9.9 · AI score 9.7 · EPSS 0.3909
Exploits 2 · References 2
CVE · added 2024/04/16 12:00 a.m. · 116 views

CVE-2024-1738

CVE-2024-1738 affects lunary-ai/lunary, specifically the /api/evaluations route (evaluations.get). The root cause is missing project ID verification in the SQL query, enabling unauthorized users to retrieve any organization’s evaluation results by simply knowing the evaluation ID, potentially exp...

CVSS 7.5 · AI score 7.3 · EPSS 0.0055
Exploits 1 · References 2 · Affected Software 1
Vulnrichment · added 2024/04/16 12:00 a.m. · 15 views

CVE-2024-3028 Improper Input Validation in mintplex-labs/anything-llm

mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logofilename' parameter in the 'system-preferences' API endpoint, an attacker can construct requests to read sensitive files or the...

CVSS 7.2 · AI score 7 · EPSS 0.00834
Exploits 1 · References 2
CVE · added 2024/04/16 12:00 a.m. · 87 views

CVE-2024-1665

This CVE ID is rejected/not used and does not represent an active vulnerability entry.

AI score 6.7
Exploits 0
NVD · added 2024/04/15 6:15 p.m. · 7 views

CVE-2023-4856

A format string vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute arbitrary commands on a specific API endpoint...

CVSS 8.8 · AI score 8.9 · EPSS 0.00665
Exploits 0 · References 1
CVE · added 2024/04/15 5:59 p.m. · 76 views

CVE-2023-4856

The CVE-2023-4856 entry concerns a format-string vulnerability in Lenovo SMM/SMM2 and FPC. An authenticated user could trigger execution of arbitrary commands via a specific API endpoint, due to improper handling of format strings in the affected components. The connected Red Hat, NVD, CVE lists ...

CVSS 8.8 · AI score 7.4 · EPSS 0.00665
Exploits 0 · References 1
Cvelist · added 2024/04/15 5:59 p.m. · 12 views

CVE-2023-4856

A format string vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute arbitrary commands on a specific API endpoint...

CVSS 8.8 · AI score 9 · EPSS 0.00665
Exploits 0 · References 1
Positive Technologies · added 2024/04/15 12:00 a.m. · 3 views

PT-2024-15530 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm repository, affected versions not specified. Description: A mass assignment vulnerability exists in the "/api/invite/:code" endpoint, allowing unauthorized creation of high-privileged accounts. By intercepting and...

CVSS 9.1 · AI score 8.9 · EPSS 0.00783
Exploits 1 · References 8
Veracode · added 2024/04/12 5:13 a.m. · 22 views

Remote Code Execution (RCE)

aim is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper user access restriction to the RunView object, allowing for the execution of arbitrary code via a crafted query parameter to the /api/runs/search/run/ endpoint...

CVSS 9.8 · AI score 8.3 · EPSS 0.018
Exploits 1 · References 2 · Affected Software 1
Positive Technologies · added 2024/04/12 12:00 a.m. · 3 views

PT-2024-24235

Name of the Vulnerable Software and Affected Versions: tiagorlampert CHAOS version 5.0.1. Description: A Cross Site Scripting (XSS) vulnerability exists in tiagorlampert CHAOS. A remote attacker may be able to escalate privileges via the sendCommandHandler function in the handler.go component. A...

CVSS 4.8 · AI score 7 · EPSS 0.08104
Exploits 6 · References 17
NVD · added 2024/04/10 5:15 p.m. · 16 views

CVE-2024-3283

A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multiusermode' system variable, enabling...

CVSS 7.2 · AI score 7 · EPSS 0.0095
Exploits 1 · References 2
NVD · added 2024/04/10 5:15 p.m. · 12 views

CVE-2024-3025

mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can...

CVSS 9.9 · AI score 9.4 · EPSS 0.01
Exploits 1 · References 2
NVD · added 2024/04/10 5:15 p.m. · 13 views

CVE-2024-2195

A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions = 3.0.0. The vulnerability resides in the runsearchapi function of the aim/web/api/runs/views.py file, where improper restricti...

CVSS 9.8 · AI score 10 · EPSS 0.018
Exploits 1 · References 1