Lucene search
K

6 matches found

CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

Gitea security vulnerabilities

Gitea is a lightweight Git service developed using Go language in the Gitea community. Gitea has a security vulnerability that stems from improper verification of project ownership during organizational project operations. This vulnerability could allow a user with write access to an organization...

9.1CVSS5.8AI score0.00392EPSS
Exploits0References5
OSV
OSV
added 2024/04/16 12:15 a.m.19 views

CVE-2024-1626

An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...

8.1CVSS6.5AI score
Exploits0References2
NVD
NVD
added 2024/04/16 12:15 a.m.20 views

CVE-2024-1626

An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...

9.1CVSS9AI score0.00479EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.16 views

CVE-2024-1626 IDOR Vulnerability in lunary-ai/lunary

An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...

9.1CVSS6.5AI score0.00479EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/16 12:0 a.m.19 views

CVE-2024-1626 IDOR Vulnerability in lunary-ai/lunary

An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...

9.1CVSS9.1AI score0.00479EPSS
Exploits1References2
CVE
CVE
added 2024/04/16 12:0 a.m.68 views

CVE-2024-1626

CVE-2024-1626 affects lunary-ai/lunary (version 0.3.0). Affected component: project update endpoint /v1/projects/:projectId. Root cause: insufficient authorization checks allow authenticated users to modify any project’s name by referencing a projectId not owned by them, enabling cross-organizati...

9.1CVSS6.4AI score0.00479EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder