10 matches found
EUVD-2025-6873
Malicious code in bioql PyPI...
CVE-2024-9098
In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources. This issue arises because the user creation endpoint does not restrict admins from invitin...
CVE-2024-9098 Privilege Escalation in lunary-ai/lunary
In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources. This issue arises because the user creation endpoint does not restrict admins from invitin...
CVE-2024-9098
CVE-2024-9098 affects lunary-ai/lunary prior to version 1.4.30. The root cause is a user-creation endpoint that allows admins to invite users with billing roles, bypassing access controls and enabling privilege escalation to billing resources. Documented impact is unauthorized access to billing r...
CVE-2024-10275
CVE-2024-10275 affects lunary-ai/lunary (v1.5.5). Multiple connected sources confirm an improper privilege management flaw where admins can grant billing permissions to existing users, enabling privilege escalation to access billing resources and bypass RBAC. Root cause: admins without direct bil...
CVE-2024-23674
The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from...
CVE-2024-23674
The CVE concerns The Online-Ausweis-Funktion eID scheme in the German National Identity Card (through 2024-02-15). A malevolent actor can perform authentication bypass via spoofing, enabling a network-based MITM to impersonate a victim for government, medical, and financial access and to extract ...
Brave Software: There is vulnebility Click Here TO fix
NOTE! Thanks for submitting a report! Please fill all sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty. Summary: add summary of the vulnerability Products affected: operating system, Brave versi...
Delicate Hardware Hacks Could Unlock Shooter's iPhone
A researcher at IOActive believes the U.S. intelligence community has the capability to carry out a delicate hardware hack that could unlock the iPhone 5c at the center of the current FBiOS debate. The attack requires considerable financial resources and acumen with an intrusive attack against th...
SMBs, Non-Profits New Targets of Choice for Attackers
Large enterprises and consumers have been dealing with sophisticated phishing scams, online extortion plots and other assorted theft schemes for years, but now attackers are turning their attention to the huge population of small businesses and non-profits in the U.S. And they are finding a gold...