Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2024-1902

Malicious code in bioql PyPI...

8.1CVSS6AI score0.00431EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 8:40 a.m.20 views

CVE-2024-5389

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset...

8.1CVSS6.7AI score0.00431EPSS
Exploits1References1
OSV
OSV
added 2024/06/10 12:30 a.m.20 views

GHSA-3MWC-2CJ7-GX8C lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management

Withdrawn: This advisory was incorrectly linked the the npm package lunary. The advisory is valid, but not for that package. In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datase...

9.3CVSS6.5AI score0.00431EPSS
Exploits1References4
NVD
NVD
added 2024/06/09 11:15 p.m.50 views

CVE-2024-5389

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset...

8.1CVSS0.00431EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/06/09 10:22 p.m.54 views

CVE-2024-5389 Insufficient Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset...

5.7CVSS0.00431EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/09 10:22 p.m.19 views

CVE-2024-5389 Insufficient Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset...

5.7CVSS6.8AI score0.00431EPSS
Exploits1References1
CVE
CVE
added 2024/06/09 10:22 p.m.55 views

CVE-2024-5389

CVE-2024-5389 affects lunary-ai/lunary 1.2.13. Root cause: insufficient granularity of access control, failing to validate dataset prompt ownership against the organization/project. Result: users can create, update, get, and delete prompt variations for datasets not owned by their org, causing un...

8.1CVSS6.6AI score0.00431EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/09 12:0 a.m.9 views

PT-2024-35968 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.13 Description: The issue arises due to the application not properly validating the ownership of dataset prompts and their variations against the organization or project of the requesting user. As a result,...

8.1CVSS5.8AI score0.00431EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.9 views

PT-2024-34585 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions up to and including 1.2.2 Description: An Insecure Direct Object Reference IDOR vulnerability was identified, allowing unauthorized users to view, update, or delete any dataset prompt or dataset prompt variation with...

9.4CVSS9.3AI score0.00509EPSS
Exploits1References8
Rows per page
Query Builder