Lucene search
K

17 matches found

CNVD
CNVD
added 2025/03/27 12:0 a.m.6 views

lunary access control error vulnerability (CNVD-2025-08306)

lunary is lunary open source a production toolkit for LLM . An access control error vulnerability exists in lunary, which stems from the PATCH /v1/runs/:id/score endpoint not implementing the access control mechanism correctly, and directly referencing data transmitted from the client as an objec...

7.5CVSS6.7AI score0.00525EPSS
Exploits1References1
CNVD
CNVD
added 2025/03/27 12:0 a.m.2 views

lunary /v1/evaluators/endpoint access control error vulnerability

lunary is lunary open source a production toolkit for LLM . An access control error vulnerability exists in lunary, which stems from insufficient access control in /v1/evaluators/endpoints, and can be exploited by an attacker to obtain sensitive information...

6.5CVSS6.5AI score0.00487EPSS
Exploits1References1
CNVD
CNVD
added 2025/03/27 12:0 a.m.12 views

lunary authorization issue vulnerability (CNVD-2025-07603)

lunary is lunary open source a production toolkit for LLM . An authorization issue vulnerability exists in lunary that stems from the checklists.post endpoint not being properly privilege-validated and can be exploited by an attacker to cause unauthorized creation or modification of checklists...

7.1CVSS6.7AI score0.0051EPSS
Exploits1References1
CNVD
CNVD
added 2025/03/27 12:0 a.m.3 views

lunary denial of service vulnerability (CNVD-2025-07604)

lunary is lunary open source a production toolkit for LLM . A denial of service vulnerability exists in lunary that stems from the use of an insecure regular expression in the compileTextTemplate function. An attacker can exploit this vulnerability to cause a denial of service...

7.5CVSS6.6AI score0.00761EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.3 views

Lunary 授权问题漏洞

lunary is lunary open source a production toolkit for LLM . An authorization issue vulnerability exists in lunary that stems from the /checklists/:id route not being properly access controlled, which can be exploited by an attacker to cause a low-privileged user to modify the checklist...

7.6CVSS7.4AI score0.0048EPSS
Exploits1References2
CNVD
CNVD
added 2024/11/19 12:0 a.m.8 views

Lunary Information Disclosure Vulnerability

lunary is lunary open source a production toolkit for LLM . lunary suffers from an information disclosure vulnerability that stems from the fact that tokens can be exposed to unauthorized actors, allowing them to perform operations on behalf of the user. An attacker could exploit this vulnerabili...

9.1CVSS6AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/29 12:0 a.m.6 views

Lunary 安全漏洞

Lunary is a production toolkit for LLMs open sourced by Lunary. A security vulnerability exists in Lunary v1.3.2, which stems from the presence of an IDOR vulnerability that allows an authenticated user to update another user's prompt by manipulating the id parameter in the request...

7.5CVSS7.7AI score0.00433EPSS
Exploits1References2
CNVD
CNVD
added 2024/09/18 12:0 a.m.2 views

lunary cross-site request forgery vulnerability (CNVD-2025-09697)

lunary is lunary open source a production toolkit for LLM . Lunary has a cross-site request forgery vulnerability that stems from overly lax CORS settings, no detailed vulnerability details are provided at this time...

8.1CVSS7.1AI score0.00275EPSS
Exploits1References1
CNVD
CNVD
added 2024/09/18 12:0 a.m.3 views

lunary access control error vulnerability (CNVD-2025-09698)

lunary is lunary open source a production toolkit for LLM . Lunary suffers from an Access Control Error vulnerability that can be exploited by an attacker to take over a targeted user's account in any of their organizations...

6.5CVSS7AI score0.0044EPSS
Exploits1References1
CNVD
CNVD
added 2024/06/13 12:0 a.m.2 views

Lunary Access Control Error Vulnerability

lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from insufficient validation of roles and permissions on the backend. An attacker could exploit this vulnerability to cause information disclosure...

5.4CVSS5.1AI score0.00298EPSS
Exploits1References1
CNVD
CNVD
added 2024/06/13 12:0 a.m.2 views

Lunary Cross-Site Scripting Vulnerability

lunary is lunary open source a production toolkit for LLM . lunary has a cross-site scripting vulnerability , the vulnerability stems from the failure to escape or validate the user-supplied orgId parameter , an attacker can use the vulnerability to steal user cookies or authentication tokens...

7.4CVSS6.6AI score0.00347EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/06/09 12:0 a.m.6 views

Lunary Security Breach

Lunary is a production toolkit for LLM that is open sourced by lunary. A security vulnerability exists in Lunary version 1.2.13, which stems from inadequate access control...

8.1CVSS6.8AI score0.00431EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.4 views

Lunary 信息泄露漏洞

lunary is a production toolkit for LLM. An information disclosure vulnerability exists in lunary that stems from exposing a password recovery token in an API response. An attacker could exploit this vulnerability to cause an information disclosure...

9.1CVSS6.3AI score0.00543EPSS
Exploits1References2
CNVD
CNVD
added 2024/05/30 12:0 a.m.2 views

lunary authorization issue vulnerability (CNVD-2025-12114)

lunary is a production toolkit for LLM. An authorization issue vulnerability exists in lunary, which stems from a lack of authorization and authentication mechanisms, and can be exploited by an attacker to delete a dataset by sending a DELETE request to an endpoint...

9.1CVSS9.3AI score0.0047EPSS
Exploits1References1
CNVD
CNVD
added 2024/05/30 12:0 a.m.3 views

lunary access control error vulnerability (CNVD-2025-12113)

lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from the presence of incorrect access control and can be exploited by an attacker to manipulate or access sensitive project data, resulting in data integrity and confidentiality issues...

8.3CVSS8.2AI score0.00391EPSS
Exploits1References1
CNVD
CNVD
added 2024/05/07 12:0 a.m.3 views

lunary information disclosure vulnerability (CNVD-2025-12115)

lunary is a production toolkit for LLM. lunary suffers from an information disclosure vulnerability that stems from inadequate validation of user permissions when joining the organization. An attacker could use this vulnerability to read and modify all data within the organization...

9.1CVSS8.7AI score0.0068EPSS
Exploits0References1
CNVD
CNVD
added 2024/04/22 12:0 a.m.2 views

lunary information disclosure vulnerability (CNVD-2025-12185)

lunary is a production toolkit for LLM. An information disclosure vulnerability exists in lunary. An attacker can exploit this vulnerability to obtain sensitive information...

9.1CVSS8.7AI score0.00637EPSS
Exploits1References1
Rows per page
Query Builder