11 matches found
CVE-2024-4147
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...
CVE-2024-4147
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...
CVE-2024-4147 Insufficient Access Control in lunary-ai/lunary
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...
CVE-2024-4147
In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...
EUVD-2025-7052
Malicious code in bioql PyPI...
LibreChat groupid parameter access control error vulnerability
LibreChat is an enhanced ChatGPT clone. An Access Control Error vulnerability exists in versions of LibreChat prior to 0.7.6, which stems from the groupid parameter not verifying that the prompt ID provided belongs to the current user, and can be exploited by an attacker to cause the deletion of...
CVE-2024-11167 Improper Access Control in danny-avila/librechat
An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. This issue occurs because the endpoint does not verify whether the provided prompt ID belongs to the current user...
CVE-2024-11167
Affected software/version : danny-avila/librechat
PT-2025-12099 · Librechat · Librechat
Name of the Vulnerable Software and Affected Versions: danny-avila/librechat versions prior to 0.7.6 Description: The issue is related to improper access control, allowing authenticated users to delete other users' prompts. This occurs because the endpoint does not verify whether the provided...
LibreChat 访问控制错误漏洞
LibreChat is an enhanced ChatGPT clone. An Access Control Error vulnerability exists in versions of LibreChat prior to 0.7.6, which stems from the groupid parameter not verifying that the prompt ID provided belongs to the current user, and can be exploited by an attacker to cause the deletion of...
Improper Access Control Allows deleting other users' reminders
Description Because the report I reported before was exploited on the public, I created a new report to exploit on the local machine The vulnerability allows users to delete other users' prompts on the system via the groupid parameter Proof of Concept const deletePromptController = async req, res...