
5 matches found

RedhatCVE
added 2025/03/22 12:1 p.m. (5 views)

CVE-2024-10762

In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. This...

CVSS 8.1 | AI score 6.8 | EPSS 0.00125
Exploits: 1 | References: 1

Cvelist
added 2025/03/20 10:9 a.m. (3 views)

CVE-2024-10762 Missing Authorization in lunary-ai/lunary

In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. This...

CVSS 8.1 | EPSS 0.00125
Exploits: 1 | References: 2

CVE
added 2025/03/20 10:9 a.m. (45 views)

CVE-2024-10762

CVE-2024-10762 affects lunary-ai/lunary prior to version 1.5.9. The /v1/evaluators/ endpoint does not enforce access control, permitting low-privilege users to issue DELETE requests that delete evaluator data, causing permanent data loss and potential operational disruption. Evidence from multipl...

CVSS 8.1 | AI score 8 | EPSS 0.00125
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/03/20 10:9 a.m. (3 views)

CVE-2024-10762 Missing Authorization in lunary-ai/lunary

In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. This...

CVSS 8.1 | AI score 8 | EPSS 0.00125
Exploits: 1 | References: 2

Huntr
added 2024/11/01 7:13 a.m. (2 views)

Lack of proper access control on endpoint to delete evaluators

Description: The /v1/evaluators/ route allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. The current implementation: Does not...

CVSS 8.1 | AI score 8.1 | EPSS 0.00125
Exploits: 1