17 matches found
EUVD-2019-0039
Malware in sbrugna...
Breaking to Build: a Threat Model of Prompt-Based Attacks for Securing LLMs
The proliferation of Large Language Models LLMs has introduced critical security challenges, where adversarial actors can manipulate input prompts to cause significant harm and circumvent safety alignments. These prompt-based attacks exploit vulnerabilities in a model's design, training, and...
REDEditing: Relationship-Driven Precise Backdoor Poisoning on Text-To-Image Diffusion Models
The rapid advancement of generative AI highlights the importance of text-to-image T2I security, particularly with the threat of backdoor poisoning. Timely disclosure and mitigation of security vulnerabilities in T2I models are crucial for ensuring the safe deployment of generative models. We...
Torchbox Wagtail Security Breach
Torchbox Wagtail is an open source content management system CMS from Torchbox UK. A security vulnerability exists in Torchbox Wagtail versions prior to 6.0.5 and prior to 6.1.2, which stems from an improperly applied permission check in the wagtail.contrib.settings module, which can be exploited...
Silverstripe SiteTree Creation Permission Vulnerability
A vulnerability exists in the permission validation for SiteTree object creation. By default user permissions are not validated by the SiteTree::canCreate method, unless overridden by user code or via the configuration system. This vulnerability will allow users, or unauthenticated guests, to...
CVE-2024-32882
CVE-2024-32882 affects Wagtail. In affected versions, if a model is editable via wagtail.contrib.settings or ModelViewSet and a field is restricted with the FieldPanel.permission setting, a user who has edit permission on the model but not on the specific field can craft an HTTP POST that bypasse...
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
Impact If a model has been made available for editing through the wagtail.contrib.settings module or ModelViewSet, and the permission argument on FieldPanel has been used to further restrict access to one or more fields of the model, a user with edit permission over the model but not the specific...
CVE-2019-19118
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
GHSA-HVMF-R92R-27HR Django allows unintended model editing
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
Django allows unintended model editing
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
CVE-2019-19118
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
CVE-2019-19118
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
Design/Logic Flaw
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
CVE-2019-19118
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
CVE-2019-19118
CVE-2019-19118 affects Django Framework: versions 2.1 before 2.1.15 and 2.2 before 2.2.8. The issue arises in the admin inline editing UI: if a user has view permissions on a parent model but edit permissions on the inline model, the UI could allow POST requests to update the inline model, while ...
CVE-2019-19118
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
CVE-2019-19118
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...