61 matches found

CVE
added 2024/11/01 12:05 p.m. · 89 views

CVE-2024-7456

The CVE-2024-7456 issue affects lunary-ai/lunary v1.4.2, where the /api/v1/external-users route constructs an ORDER BY clause using sql.unsafe without server-side sanitization, enabling SQL injection. Impact per sources: potential complete data loss/modification/corruption. Public details across ...

CVSS 9.8 · AI score 10 · EPSS 0.01359
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2024/11/01 12:00 a.m. · 6 views

PT-2024-38366 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version v1.4.2. Description: A SQL injection vulnerability exists in the "/api/v1/external-users" route. The ORDER BY clause of the SQL query uses sql.unsafe without prior sanitization, allowing for SQL injection. The...

CVSS 9.8 · AI score 9.9 · EPSS 0.01359
Exploits 1 · References 10
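The two entries above describe the same defect: a client-chosen sort key spliced verbatim into an ORDER BY clause through a raw-SQL escape hatch (sql.unsafe). ORDER BY cannot take a bound parameter, so the only sound fix is to accept nothing but server-known identifiers. The block below is an added example, not lunary's code: buildOrderByUnsafe() reproduces the vulnerable shape and buildOrderBySafe() the allow-listed one. The column names, the route and the payload are constructed for the demo.

```javascript
// Added example, not lunary's code: building an ORDER BY clause from a
// request parameter. buildOrderByUnsafe() mirrors the pattern in the
// advisory (client input spliced verbatim into the SQL text, as a raw-SQL
// helper such as sql.unsafe does); buildOrderBySafe() allow-lists the
// identifier and direction. Column names and the payload are constructed.
const ALLOWED_SORT_COLUMNS = new Set(["created_at", "last_seen", "external_id"]);
const ALLOWED_DIRECTIONS = new Set(["asc", "desc"]);

// Vulnerable shape: whatever the client sends becomes SQL.
function buildOrderByUnsafe(orderBy) {
  return `ORDER BY ${orderBy}`;
}

// Hardened shape: the clause is assembled only from server-known values.
// Rejecting (rather than silently falling back to a default) keeps probing
// visible in the logs.
function buildOrderBySafe(column, direction = "asc") {
  if (typeof column !== "string" || !ALLOWED_SORT_COLUMNS.has(column)) {
    throw new Error(`rejected sort column: ${JSON.stringify(column)}`);
  }
  const dir = String(direction).toLowerCase();
  if (!ALLOWED_DIRECTIONS.has(dir)) {
    throw new Error(`rejected sort direction: ${JSON.stringify(direction)}`);
  }
  // Quote the identifier so a future mixed-case column name stays correct.
  return `ORDER BY "${column}" ${dir.toUpperCase()}`;
}

// Constructed attacker input. A conditional expression in ORDER BY turns
// the sort order into a boolean oracle: the order of the returned rows
// reveals whether the inner SELECT was true, one bit per request.
const PAYLOAD =
  "(CASE WHEN (SELECT count(*) FROM account WHERE role = 'admin') > 0 " +
  "THEN created_at ELSE external_id END)";

function demo() {
  let safe;
  try {
    safe = buildOrderBySafe(PAYLOAD);
  } catch (err) {
    safe = `rejected: ${err.message}`;
  }
  return {
    unsafe: buildOrderByUnsafe(PAYLOAD), // payload reaches the database verbatim
    safe,                                // thrown before any SQL is built
    legit: buildOrderBySafe("created_at", "DESC"),
  };
}

console.log(demo());
```

The check belongs before the string ever reaches the raw-SQL helper; validating "somewhere upstream" is what tends to get lost when a new query parameter is added later.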
OSV
added 2024/10/29 1:15 p.m. · 20 views

CVE-2024-7474

In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access...

CVSS 8.1 · AI score 6.8 · EPSS 0.00477
Exploits 1 · References 2
Cvelist
added 2024/10/29 12:46 p.m. · 23 views

CVE-2024-7474 IDOR in lunary-ai/lunary

In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access...

CVSS 9.1 · EPSS 0.00477
Exploits 1 · References 2
CNNVD
added 2024/10/29 12:00 a.m. · 4 views

Lunary access control error vulnerability

Lunary is an open-source production toolkit for LLMs. An access control vulnerability exists in Lunary, stemming from an insecure direct object reference (IDOR) that an attacker can exploit by manipulating the id parameter in a request URL to view or delete an...

CVSS 9.1 · AI score 6.7 · EPSS 0.00477
Exploits 1 · References 2
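The three CVE-2024-7474 entries above all come down to one missing step: the handler authenticates the caller and then trusts the id alone. The block below is an added example, not lunary's code, showing that shape next to a lookup scoped to the caller's own projects. The store, the session table and the project names are constructed for the demo; the session-to-project mapping stands in for whatever the real application derives from its authenticated session.

```javascript
// Added example, not lunary's code: object-level authorization on an
// endpoint addressed by a client-chosen id. The store, session table and
// project names are constructed for the demo.
function makeStore() {
  return new Map([
    ["eu-1", { id: "eu-1", projectId: "proj-A", externalId: "alice@example.com" }],
    ["eu-2", { id: "eu-2", projectId: "proj-B", externalId: "bob@example.com" }],
  ]);
}

// Projects each session may act on. This must come from the authenticated
// session, never from the URL or the request body.
const SESSION_PROJECTS = {
  "session-A": new Set(["proj-A"]),
  "session-B": new Set(["proj-B"]),
};

// Vulnerable shape: authenticates the caller, then trusts the id alone.
// Any logged-in user can read or delete any row by walking the id space.
function deleteExternalUserIdor(store, sessionId, id) {
  if (!SESSION_PROJECTS[sessionId]) return { status: 401 };
  if (!store.has(id)) return { status: 404 };
  store.delete(id);
  return { status: 200 };
}

// Hardened shape: the lookup is scoped to the caller's projects. A row the
// caller may not see is answered exactly like a missing row, so the
// response does not reveal whether the id exists.
function loadScoped(store, sessionId, id) {
  const projects = SESSION_PROJECTS[sessionId];
  if (!projects) return { status: 401 };
  const row = store.get(id);
  if (!row || !projects.has(row.projectId)) return { status: 404 };
  return { status: 200, row };
}

function getExternalUserScoped(store, sessionId, id) {
  const res = loadScoped(store, sessionId, id);
  return res.status === 200 ? { status: 200, body: res.row } : res;
}

function deleteExternalUserScoped(store, sessionId, id) {
  const res = loadScoped(store, sessionId, id);
  if (res.status !== 200) return res;
  store.delete(id);
  return { status: 200 };
}

// Demo: session-B (proj-B only) tries to delete proj-A's external user eu-1.
function demo() {
  const idor = makeStore();
  const scoped = makeStore();
  return {
    idor: deleteExternalUserIdor(idor, "session-B", "eu-1").status,        // 200
    idorRowStillThere: idor.has("eu-1"),                                   // false
    scoped: deleteExternalUserScoped(scoped, "session-B", "eu-1").status,  // 404
    scopedRowStillThere: scoped.has("eu-1"),                               // true
  };
}

console.log(demo());
```

Putting the ownership predicate into the lookup itself (rather than checking it in each handler) is what makes the pattern survive the next endpoint that is added.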
Github Security Blog
added 2024/04/01 8:33 p.m. · 22 views

In Astro-Shield, setting a correct `integrity` attribute on injected code allows bypassing the allow-lists

Impact: Versions 1.2.0 through 1.3.1 of Astro-Shield allow bypassing the allow-lists for cross-origin resources by introducing valid integrity attributes in the injected code. This implies that the injected SRI hash would be added to the generated CSP header, which would lead the browser to believ...

CVSS 7.5 · AI score 6.8 · EPSS 0.0031
Exploits 0 · References 6 · Affected Software 1
OSV
added 2024/03/29 7:03 p.m. · 18 views

GHSA-W387-5QQW-7G8M Content-Security-Policy header generation in middleware could be compromised by malicious injections

Impact When the following conditions are met: - Automated CSP headers generation for SSR content is enabled - The web application serves content that can be partially controlled by external users Then it is possible that the CSP headers generation feature might be "allow-listing" malicious inject...

CVSS 8.7 · AI score 7.6 · EPSS 0.00591
Exploits 0 · References 6
The Hacker News
added 2023/11/13 11:35 a.m. · 39 views

Top 5 Marketing Tech SaaS Security Challenges

Effective marketing operations today are driven by the use of Software-as-a-Service SaaS applications. Marketing apps such as Salesforce, Hubspot, Outreach, Asana, Monday, and Box empower marketing teams, agencies, freelancers, and subject matter experts to collaborate seamlessly on campaigns and...

AI score 7.1
Exploits 0
Citrix
added 2023/09/01 12:00 a.m. · 7 views

External users are not able to launch applications with the HTML5 client via NetScaler Gateway; the Workspace app works.

Users connecting externally cannot launch sessions through the light (HTML5) browser client but can launch them with the Workspace app. Error displayed: "Citrix Workspace app cannot connect to the server. Please check your network connection or contact your help desk for assistance."...

AI score 7.1
Exploits 0
Citrix
added 2023/08/07 12:00 a.m. · 5 views

External Users Unable to Authenticate via Workspace App

External users are unable to authenticate via the Workspace app after upgrading the firmware to 13.0 build 33.52, but they can log in through the web browser. Error: when logging in through Workspace with their credentials, it loops back to the same login page with the error "Incorre...

AI score 7.2
Exploits 0
Veracode
added 2023/06/20 11:44 a.m. · 14 views

Privilege Escalation

github.com/pydio/cells is vulnerable to Privilege Escalation. The creation of external users for file sharing is possible with Pydio Cells. It is possible to give a new user arbitrary roles with access to all cells and non-personal workspaces by altering the HTTP request that is submitted when...

CVSS 8.8 · AI score 7 · EPSS 0.14197
Exploits 6 · References 6 · Affected Software 1
ATTACKERKB
added 2023/06/08 8:15 p.m. · 3 views

CVE-2023-32749

Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all...

CVSS 8.8 · AI score 7.5 · EPSS 0.14197
Exploits 6 · References 5
OSV
added 2023/06/08 8:15 p.m. · 17 views

CVE-2023-32749

Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all...

CVSS 8.8 · AI score 7.1
Exploits 0 · References 4
NVD
added 2023/06/08 8:15 p.m. · 33 views

CVE-2023-32749

Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all...

CVSS 8.8 · AI score 8.7 · EPSS 0.14197
Exploits 6 · References 4
Vulnrichment
added 2023/06/08 12:00 a.m. · 10 views

CVE-2023-32749

Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all...

AI score 8.6 · EPSS 0.14197
Exploits 6 · References 4
CVE
added 2023/06/08 12:00 a.m. · 66 views

CVE-2023-32749

CVE-2023-32749 affects Pydio Cells. An attacker can modify the HTTP request when creating external users, permitting assignment of arbitrary roles to the new account. If all roles are granted, the attacker gains access to all cells and non-personal workspaces. Documented impact is privilege escal...

CVSS 8.8 · AI score 8.5 · EPSS 0.14197
Exploits 6 · References 4 · Affected Software 1
Cvelist
added 2023/06/08 12:00 a.m. · 40 views

CVE-2023-32749

Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all...

AI score 8.8 · EPSS 0.14197
Exploits 6 · References 4
Positive Technologies
added 2023/05/30 12:00 a.m. · 5 views

PT-2023-23997 · Pydio · Pydio Cells

Name of the Vulnerable Software and Affected Versions: Pydio Cells, affected versions not specified. Description: The issue allows users to assign arbitrary roles to newly created external users by modifying the HTTP request during the creation process. This can grant access to all cells and...

CVSS 8.8 · AI score 7 · EPSS 0.14197
Exploits 6 · References 9
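All of the CVE-2023-32749 entries above describe mass assignment: the request that creates a share user is bound straight onto the user object, so a "roles" field the UI never sends is still honoured. The block below is an added example in JavaScript (Pydio Cells itself is written in Go; this is not its code) showing that shape next to a handler that only allows roles the requester is permitted to grant. The role names, the requester kinds and the request bodies are hypothetical.

```javascript
// Added example in JavaScript (Pydio Cells itself is written in Go; this is
// not its code): creating an "external" share user must not let the client
// choose the new account's roles. Role names, requester kinds and the
// request bodies are hypothetical.
const EXTERNAL_USER_ROLE = "EXTERNAL_USER";
const ALL_ROLES = ["EXTERNAL_USER", "ADMINS", "ALL_CELLS", "WORKSPACE_MANAGER"];
const PRIVILEGED_ROLES = new Set(["ADMINS", "ALL_CELLS", "WORKSPACE_MANAGER"]);

// Which roles a requester of a given kind may hand out. A regular user who
// shares a file may grant only the external-user role.
const GRANTABLE_BY = {
  admin: new Set(ALL_ROLES),
  user: new Set([EXTERNAL_USER_ROLE]),
};

// Vulnerable shape: the request body is bound straight onto the user
// object, so a "roles" field the UI never sends is still honoured.
function createExternalUserMassAssign(body) {
  return { login: body.login, external: true, roles: body.roles ?? [EXTERNAL_USER_ROLE] };
}

// Hardened shape: every requested role must be grantable by the requester,
// and any that is not fails the whole request (loudly, so the attempt is
// logged) instead of being silently dropped.
function createExternalUserChecked(requester, body) {
  const grantable = GRANTABLE_BY[requester.kind];
  if (!grantable) throw new Error(`unknown requester kind: ${requester.kind}`);
  if (typeof body.login !== "string" || body.login === "") throw new Error("login required");
  const requested = Array.isArray(body.roles) ? body.roles : [EXTERNAL_USER_ROLE];
  const denied = requested.filter((r) => !grantable.has(r));
  if (denied.length > 0) {
    throw new Error(`${requester.kind} may not grant: ${denied.join(", ")}`);
  }
  return { login: body.login, external: true, roles: [...new Set(requested)] };
}

function hasPrivilegedRole(user) {
  return user.roles.some((r) => PRIVILEGED_ROLES.has(r));
}

// Constructed request: the share dialog sent only "login"; the attacker
// replayed it with a "roles" array appended.
const ATTACK_BODY = { login: "guest-7", roles: ["EXTERNAL_USER", "ADMINS", "ALL_CELLS"] };

function demo() {
  let checked;
  try {
    checked = createExternalUserChecked({ kind: "user" }, ATTACK_BODY);
  } catch (err) {
    checked = `rejected: ${err.message}`;
  }
  return {
    massAssignEscalates: hasPrivilegedRole(createExternalUserMassAssign(ATTACK_BODY)), // true
    checked,                                                                            // rejected
  };
}

console.log(demo());
```

The general rule the hardened handler encodes is that a caller can only delegate what the server says that caller may delegate; whether the field is "roles", "groups" or "isAdmin", it should be validated against the requester, not merely against the schema.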
Prion
added 2023/05/03 10:15 p.m. · 15 views

Design/Logic Flaw

An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users...

CVSS 6.5 · AI score 8.7 · EPSS 0.01039
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2023/05/03 12:00 a.m. · 3 views

PT-2023-18346 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.10 through 15.10.4; GitLab EE versions 15.11 through 15.11.0. Description: An issue has been discovered in GitLab EE that may allow users who are marked as external to become regular users under certain conditions when...

CVSS 8.8 · AI score 8.6 · EPSS 0.01039
Exploits 1 · References 9