Lucene search
K

91 matches found

BDU FSTEC
BDU FSTEC
added 2024/12/20 12:0 a.m.6 views

The vulnerability of the “Evaluations” function of the monitoring, management, and improvement platform for LLM applications allows attackers to influence the integrity of the protected information.

The vulnerability of the “Evaluations” function in the platform for monitoring, managing, and improving LLM applications involves bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to remotely influence the integrity of protected information ...

7.8CVSS7.5AI score0.00433EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/10/29 1:15 p.m.24 views

CVE-2024-7473

An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3...

6.5CVSS6.5AI score0.00433EPSS
Exploits1References2
NVD
NVD
added 2024/10/29 1:15 p.m.41 views

CVE-2024-7473

An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3...

7.5CVSS0.00433EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/10/29 12:48 p.m.23 views

CVE-2024-7473 IDOR Vulnerability in lunary-ai/lunary

An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3...

7.5CVSS6.7AI score0.00433EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/10/29 12:48 p.m.44 views

CVE-2024-7473 IDOR Vulnerability in lunary-ai/lunary

An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3...

7.5CVSS0.00433EPSS
Exploits1References2
CVE
CVE
added 2024/10/29 12:48 p.m.62 views

CVE-2024-7473

CVE-2024-7473 describes an IDOR in Lunary AI: lunary-ai/lunary versions 1.3.2 to 1.4.2 allow an authenticated user to update other users’ prompts by manipulating the request’s id parameter in the Evaluations function of the umgws datasets. The root cause is unauthorized modification of a user-con...

7.5CVSS6.8AI score0.00433EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.11 views

PT-2024-9681 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.3.2 through 1.4.2 Description: The issue is related to an IDOR vulnerability in the 'Evaluations' function of the 'umgws datasets' section. This vulnerability allows an authenticated user to update other users'...

8.2CVSS7.5AI score0.00433EPSS
Exploits1References6
NVD
NVD
added 2024/08/27 9:15 p.m.41 views

CVE-2024-45049

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...

7.5CVSS0.00619EPSS
Exploits0References4
OSV
OSV
added 2024/08/27 8:33 p.m.16 views

CVE-2024-45049 Nix Hydra Missing authentication when triggering evaluations

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...

7.5CVSS6.8AI score0.00619EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/08/27 8:33 p.m.42 views

CVE-2024-45049 Nix Hydra Missing authentication when triggering evaluations

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...

7.5CVSS0.00619EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/08/27 8:33 p.m.19 views

CVE-2024-45049 Nix Hydra Missing authentication when triggering evaluations

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...

7.5CVSS7.5AI score0.00619EPSS
Exploits0References4
CVE
CVE
added 2024/08/27 8:33 p.m.81 views

CVE-2024-45049

CVE-2024-45049 affects Hydra, a CI service for Nix-based projects. The issue allows triggering evaluations without authentication, with potential impact to system availability depending on evaluation size. The advisory provides a fix: apply the commit f73043378907c2c7e44f633ad764c8bdd1c947d5 to H...

7.5CVSS7.5AI score0.00619EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2024/08/27 8:33 p.m.5 views

CVE-2024-45049

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...

7.5CVSS6.9AI score0.00619EPSS
Exploits0References4
Trend Micro Simply Security
Trend Micro Simply Security
added 2024/06/18 12:0 a.m.15 views

Not Just Another 100% Score: MITRE ENGENUITY ATT&CK

The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response MDR services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps—...

7.4AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2024/06/18 12:0 a.m.18 views

Not Just Another 100% Score: MITRE ENGENIUTY ATT&CK

The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response MDR services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps—...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/04/30 1:39 p.m.14 views

Malwarebytes Premium Security earns “Product of the Year” from AVLab

After blocking 100% of “in-the-wild” malware samples that were deployed in multiple, consecutive third-party tests conducted by the AVLab Cybersecurity Foundation, Malwarebytes Premium Security has earned “Product of the Year.” The recognition cements Malwarebytes Premium Security’s perfect recor...

7AI score
Exploits0
OSV
OSV
added 2024/04/16 12:15 a.m.28 views

CVE-2024-1738

An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. This vulnerability allows unauthorized users to retrieve the results of any organization's evaluation by simply knowing the evaluation...

7.5CVSS7.5AI score0.0055EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.23 views

CVE-2024-1738 Incorrect Authorization in lunary-ai/lunary

An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. This vulnerability allows unauthorized users to retrieve the results of any organization's evaluation by simply knowing the evaluation...

7.5CVSS7.4AI score0.0055EPSS
Exploits1References2
Wallarm Lab
Wallarm Lab
added 2023/10/26 11:19 a.m.29 views

What is User and Entity Behavior Analytics (UEBA) ?

As the digital world continually transforms at a rapid pace, the necessity for high-grade, reliable safety controls becomes even more crucial. Among a pool of security tactics and tools, User and Entity Behavior Analytics UEBA rises as a formidable measure to shield digital commodities. This...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/02/21 12:0 a.m.16 views

Inexistent Slippage Protection

Lines of code Vulnerability details Impact All bond evaluations are dynamic within the KUMASwap::sellBond and KUMASwap::buyBond functions, however, they operate with token IDs as input arguments and do not perform any sanitization on the amount of KIB tokens minted or burned respectively. In turn...

6.9AI score
Exploits0
Rows per page
Query Builder