Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/02/03 3:18 p.m.7 views

CVE-2024-4147

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...

7.5CVSS5.5AI score0.00388EPSS
Exploits1References1
NVD
NVD
added 2026/02/02 11:16 a.m.6 views

CVE-2024-4147

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...

7.5CVSS0.00388EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/02 10:36 a.m.4 views

CVE-2024-4147 Insufficient Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...

7.5CVSS5.5AI score0.00388EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/02 10:36 a.m.3 views

CVE-2024-4147

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...

7.5CVSS5.5AI score0.00388EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7052

Malicious code in bioql PyPI...

9.4CVSS9.2AI score0.00516EPSS
Exploits1References3
CNVD
CNVD
added 2025/03/27 12:0 a.m.5 views

LibreChat groupid parameter access control error vulnerability

LibreChat is an enhanced ChatGPT clone. An Access Control Error vulnerability exists in versions of LibreChat prior to 0.7.6, which stems from the groupid parameter not verifying that the prompt ID provided belongs to the current user, and can be exploited by an attacker to cause the deletion of...

9.4CVSS6.9AI score0.00516EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:9 a.m.3 views

CVE-2024-11167 Improper Access Control in danny-avila/librechat

An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. This issue occurs because the endpoint does not verify whether the provided prompt ID belongs to the current user...

9.4CVSS7.2AI score0.00516EPSS
Exploits1References4
CVE
CVE
added 2025/03/20 10:9 a.m.48 views

CVE-2024-11167

Affected software/version : danny-avila/librechat

9.4CVSS9AI score0.00516EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.6 views

PT-2025-12099 · Librechat · Librechat

Name of the Vulnerable Software and Affected Versions: danny-avila/librechat versions prior to 0.7.6 Description: The issue is related to improper access control, allowing authenticated users to delete other users' prompts. This occurs because the endpoint does not verify whether the provided...

9.4CVSS8.9AI score0.00516EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

LibreChat 访问控制错误漏洞

LibreChat is an enhanced ChatGPT clone. An Access Control Error vulnerability exists in versions of LibreChat prior to 0.7.6, which stems from the groupid parameter not verifying that the prompt ID provided belongs to the current user, and can be exploited by an attacker to cause the deletion of...

9.4CVSS6.8AI score0.00516EPSS
Exploits1References2
Huntr
Huntr
added 2024/11/12 2:33 p.m.6 views

Improper Access Control Allows deleting other users' reminders

Description Because the report I reported before was exploited on the public, I created a new report to exploit on the local machine The vulnerability allows users to delete other users' prompts on the system via the groupid parameter Proof of Concept const deletePromptController = async req, res...

9.4CVSS9.2AI score0.00516EPSS
Exploits1
Rows per page
Query Builder