591
|
6.5 |
MEDIUM
Network
|
lunary
|
lunary
|
An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. The vulnerability allows unauthorized users to view any prompts in an…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-5131
|
2024-10-4 01:59 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
592
|
7.5 |
HIGH
Network
lunary
|
lunary
|
An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, which allows unauthenticated users to delete any dataset. The vulnerability is due to the lack …
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-5130
|
2024-10-4 01:57 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
593
|
8.2 |
HIGH
Network
lunary
|
lunary
|
A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset …
Update
|
CWE-862
Missing Authorization
|
CVE-2024-5129
|
2024-10-4 01:56 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
594
|
6.5 |
MEDIUM
Network
|
lunary
|
lunary
|
An improper access control vulnerability exists in the lunary-ai/lunary repository, specifically within the versions.patch functionality for updating prompts. Affected versions include 1.2.2 up to bu…
Update
|
NVD-CWE-noinfo
|
CVE-2024-5126
|
2024-10-4 01:52 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
595
|
9.8 |
CRITICAL
Network
motorola
|
vigilant_fixed_lpr_coms_box_firmware
|
An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device.
Update
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-38281
|
2024-10-4 01:51 |
2024-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
596
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
The panasonic laptop code in various places uses the SINF a…
Update
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46859
|
2024-10-4 01:47 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
597
|
8.0 |
HIGH
Adjacent
|
ivanti
|
endpoint_manager
|
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
Update
|
CWE-89
SQL Injection
|
CVE-2024-29846
|
2024-10-4 01:46 |
2024-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
598
|
8.0 |
HIGH
Adjacent
|
ivanti
|
endpoint_manager
|
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
Update
|
CWE-89
SQL Injection
|
CVE-2024-29830
|
2024-10-4 01:46 |
2024-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
599
|
8.0 |
HIGH
Adjacent
|
ivanti
|
endpoint_manager
|
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
Update
|
CWE-89
SQL Injection
|
CVE-2024-29829
|
2024-10-4 01:46 |
2024-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
600
|
8.0 |
HIGH
Adjacent
|
ivanti
|
endpoint_manager
|
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
Update
|
CWE-89
SQL Injection
|
CVE-2024-29828
|
2024-10-4 01:46 |
2024-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|