17 matches found
lunary access control error vulnerability (CNVD-2025-08306)
lunary is lunary open source a production toolkit for LLM . An access control error vulnerability exists in lunary, which stems from the PATCH /v1/runs/:id/score endpoint not implementing the access control mechanism correctly, and directly referencing data transmitted from the client as an objec...
lunary /v1/evaluators/endpoint access control error vulnerability
lunary is lunary open source a production toolkit for LLM . An access control error vulnerability exists in lunary, which stems from insufficient access control in /v1/evaluators/endpoints, and can be exploited by an attacker to obtain sensitive information...
lunary authorization issue vulnerability (CNVD-2025-07603)
lunary is lunary open source a production toolkit for LLM . An authorization issue vulnerability exists in lunary that stems from the checklists.post endpoint not being properly privilege-validated and can be exploited by an attacker to cause unauthorized creation or modification of checklists...
lunary denial of service vulnerability (CNVD-2025-07604)
lunary is lunary open source a production toolkit for LLM . A denial of service vulnerability exists in lunary that stems from the use of an insecure regular expression in the compileTextTemplate function. An attacker can exploit this vulnerability to cause a denial of service...
Lunary 授权问题漏洞
lunary is lunary open source a production toolkit for LLM . An authorization issue vulnerability exists in lunary that stems from the /checklists/:id route not being properly access controlled, which can be exploited by an attacker to cause a low-privileged user to modify the checklist...
Lunary Information Disclosure Vulnerability
lunary is lunary open source a production toolkit for LLM . lunary suffers from an information disclosure vulnerability that stems from the fact that tokens can be exposed to unauthorized actors, allowing them to perform operations on behalf of the user. An attacker could exploit this vulnerabili...
Lunary 安全漏洞
Lunary is a production toolkit for LLMs open sourced by Lunary. A security vulnerability exists in Lunary v1.3.2, which stems from the presence of an IDOR vulnerability that allows an authenticated user to update another user's prompt by manipulating the id parameter in the request...
lunary cross-site request forgery vulnerability (CNVD-2025-09697)
lunary is lunary open source a production toolkit for LLM . Lunary has a cross-site request forgery vulnerability that stems from overly lax CORS settings, no detailed vulnerability details are provided at this time...
lunary access control error vulnerability (CNVD-2025-09698)
lunary is lunary open source a production toolkit for LLM . Lunary suffers from an Access Control Error vulnerability that can be exploited by an attacker to take over a targeted user's account in any of their organizations...
Lunary Access Control Error Vulnerability
lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from insufficient validation of roles and permissions on the backend. An attacker could exploit this vulnerability to cause information disclosure...
Lunary Cross-Site Scripting Vulnerability
lunary is lunary open source a production toolkit for LLM . lunary has a cross-site scripting vulnerability , the vulnerability stems from the failure to escape or validate the user-supplied orgId parameter , an attacker can use the vulnerability to steal user cookies or authentication tokens...
Lunary Security Breach
Lunary is a production toolkit for LLM that is open sourced by lunary. A security vulnerability exists in Lunary version 1.2.13, which stems from inadequate access control...
Lunary 信息泄露漏洞
lunary is a production toolkit for LLM. An information disclosure vulnerability exists in lunary that stems from exposing a password recovery token in an API response. An attacker could exploit this vulnerability to cause an information disclosure...
lunary authorization issue vulnerability (CNVD-2025-12114)
lunary is a production toolkit for LLM. An authorization issue vulnerability exists in lunary, which stems from a lack of authorization and authentication mechanisms, and can be exploited by an attacker to delete a dataset by sending a DELETE request to an endpoint...
lunary access control error vulnerability (CNVD-2025-12113)
lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from the presence of incorrect access control and can be exploited by an attacker to manipulate or access sensitive project data, resulting in data integrity and confidentiality issues...
lunary information disclosure vulnerability (CNVD-2025-12115)
lunary is a production toolkit for LLM. lunary suffers from an information disclosure vulnerability that stems from inadequate validation of user permissions when joining the organization. An attacker could use this vulnerability to read and modify all data within the organization...
lunary information disclosure vulnerability (CNVD-2025-12185)
lunary is a production toolkit for LLM. An information disclosure vulnerability exists in lunary. An attacker can exploit this vulnerability to obtain sensitive information...