9 matches found
EUVD-2024-17401
Malicious code in bioql PyPI...
CVE-2024-1666
In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...
CVE-2024-1666
In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...
CVE-2024-1666
CVE-2024-1666 affects lunary-ai/lunary 1.0.0, where an authorization flaw allows unauthorized radar creation. The root cause is missing server-side checks to verify a user’s paid/upgraded status during radar creation (enforced only in the web UI). Attackers can bypass account upgrade requirements...
CVE-2024-1666 Unauthorized Radar Creation in lunary-ai/lunary
In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...
CVE-2024-1666 Unauthorized Radar Creation in lunary-ai/lunary
In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...
CVE-2024-1599
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Privilege escalation
Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker t...
DedeCms v5. 6-5. 7 explosion serious security vulnerability free account and password directly into the background-bug warning-the black bar safety net
As is well known, due to the use of simple, customer base, and more, weaving dreams CMS has been broke many vulnerabilities. Today xiaobian in the group to get the woven dream official forum, a moderator and reliable message:“DEDECMS explosion serious security vulnerability, the recent official...