3 matches found
CVE-2024-6086
In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardless of their role, can change the name of an organization due to improper access control. The function checkAccess is not implemented, allowing users with the lowest privileges, such as the 'Prompt Editor' role, to modify...
CVE-2023-30856 eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution
eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The projec...
ZoneMinder Multiple Vulnerabilities
ZoneMinder Multiple Vulnerabilities by Filip Palian filip dot palian at pjwstk dot edu dot pl Software affected: ZoneMinder = 1.23.3 Severity: Critical Description from the vendor site: ZoneMinder is an integrated set of applications which provide a complete surveillance solution allowing capture...