2 matches found
PT-2026-5650
Name of the Vulnerable Software and Affected Versions lunary-ai/lunary version 1.2.13 Description An insufficient granularity of access control allows users to delete prompts created in other organizations through ID manipulation. The application does not validate the ownership of the prompt befo...
CVE-2024-11167
An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. This issue occurs because the endpoint does not verify whether the provided prompt ID belongs to the current user...