91 matches found
The vulnerability of the “Evaluations” function of the monitoring, management, and improvement platform for LLM applications allows attackers to influence the integrity of the protected information.
The vulnerability of the “Evaluations” function in the platform for monitoring, managing, and improving LLM applications involves bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to remotely influence the integrity of protected information ...
CVE-2024-7473
An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3...
CVE-2024-7473
An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3...
CVE-2024-7473 IDOR Vulnerability in lunary-ai/lunary
An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3...
CVE-2024-7473 IDOR Vulnerability in lunary-ai/lunary
An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3...
CVE-2024-7473
CVE-2024-7473 describes an IDOR in Lunary AI: lunary-ai/lunary versions 1.3.2 to 1.4.2 allow an authenticated user to update other users’ prompts by manipulating the request’s id parameter in the Evaluations function of the umgws datasets. The root cause is unauthorized modification of a user-con...
PT-2024-9681 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.3.2 through 1.4.2 Description: The issue is related to an IDOR vulnerability in the 'Evaluations' function of the 'umgws datasets' section. This vulnerability allows an authenticated user to update other users'...
CVE-2024-45049
Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...
CVE-2024-45049 Nix Hydra Missing authentication when triggering evaluations
Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...
CVE-2024-45049 Nix Hydra Missing authentication when triggering evaluations
Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...
CVE-2024-45049 Nix Hydra Missing authentication when triggering evaluations
Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...
CVE-2024-45049
CVE-2024-45049 affects Hydra, a CI service for Nix-based projects. The issue allows triggering evaluations without authentication, with potential impact to system availability depending on evaluation size. The advisory provides a fix: apply the commit f73043378907c2c7e44f633ad764c8bdd1c947d5 to H...
CVE-2024-45049
Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...
Not Just Another 100% Score: MITRE ENGENUITY ATT&CK
The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response MDR services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps—...
Not Just Another 100% Score: MITRE ENGENIUTY ATT&CK
The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response MDR services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps—...
Malwarebytes Premium Security earns “Product of the Year” from AVLab
After blocking 100% of “in-the-wild” malware samples that were deployed in multiple, consecutive third-party tests conducted by the AVLab Cybersecurity Foundation, Malwarebytes Premium Security has earned “Product of the Year.” The recognition cements Malwarebytes Premium Security’s perfect recor...
CVE-2024-1738
An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. This vulnerability allows unauthorized users to retrieve the results of any organization's evaluation by simply knowing the evaluation...
CVE-2024-1738 Incorrect Authorization in lunary-ai/lunary
An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. This vulnerability allows unauthorized users to retrieve the results of any organization's evaluation by simply knowing the evaluation...
What is User and Entity Behavior Analytics (UEBA) ?
As the digital world continually transforms at a rapid pace, the necessity for high-grade, reliable safety controls becomes even more crucial. Among a pool of security tactics and tools, User and Entity Behavior Analytics UEBA rises as a formidable measure to shield digital commodities. This...
Inexistent Slippage Protection
Lines of code Vulnerability details Impact All bond evaluations are dynamic within the KUMASwap::sellBond and KUMASwap::buyBond functions, however, they operate with token IDs as input arguments and do not perform any sanitization on the amount of KIB tokens minted or burned respectively. In turn...