7 matches found

OSV
added 2026/02/02 11:16 a.m., 5 views

CVE-2024-4147

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...

CVSS 6.5 | AI score 5.8 | EPSS 0.00388
Exploits: 1 | References: 2
Cvelist
added 2026/02/02 10:36 a.m., 26 views

CVE-2024-4147 Insufficient Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...

CVSS 7.5 | EPSS 0.00388
Exploits: 1 | References: 2
EUVD
added 2026/02/02 10:36 a.m., 5 views

EUVD-2024-32706

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...

CVSS 7.5 | AI score 5.5 | EPSS 0.00388
Exploits: 1 | References: 3
CVE
added 2026/02/02 10:36 a.m., 12 views

CVE-2024-4147

CVE-2024-4147 affects lunary-ai/lunary v1.2.13. The flaw is insufficient access-control granularity: deletion checks only resource-permission, not ownership by project/organization, enabling deletion of prompts from other organizations. This can cause legitimate users to lose access and data inco...

CVSS 7.5 | AI score 5.5 | EPSS 0.00388
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2026/02/02 12:0 a.m., 9 views

Lunary security vulnerability

Lunary is an open-source production toolkit for LLMs developed by Lunary. Version 1.2.13 of Lunary contains a security vulnerability. This vulnerability stems from insufficient access control granularity, allowing users to delete prompts created by other organizations using their IDs, resulting i...

CVSS 7.5 | AI score 7.1 | EPSS 0.00388
Exploits: 1 | References: 3
NVD
added 2025/03/20 10:15 a.m., 7 views

CVE-2024-11167

An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. This issue occurs because the endpoint does not verify whether the provided prompt ID belongs to the current user...

CVSS 9.4 | EPSS 0.00516
Exploits: 1 | References: 2
PyPA
added 2023/07/21 7:15 p.m., 5 views

PYSEC-2023-129

Indico is an open source, general-purpose, web-based event management tool. There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least submission privileges such as a speaker and then someone...

CVSS 5.4 | AI score 6.8 | EPSS 0.00433
Exploits: 0 | References: 4 | Affected Software: 1