|
1221
|
- |
|
-
|
-
|
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 an…
Update
|
-
|
CVE-2024-44233
|
2024-11-4 10:35 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1222
|
- |
|
-
|
-
|
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 an…
Update
|
-
|
CVE-2024-44232
|
2024-11-4 10:35 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1223
|
7.1 |
HIGH
Local
|
mapshaper
|
mapshaper
|
The attacker may exploit a path traversal vulnerability leading to information disclosure.
Update
|
CWE-22
Path Traversal
|
CVE-2024-1163
|
2024-11-4 04:15 |
2024-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1224
|
6.5 |
MEDIUM
Network
|
lunary
|
lunary
|
An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' p…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-7473
|
2024-11-4 02:15 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1225
|
7.1 |
HIGH
Network
|
lollms
|
lollms_web_ui
|
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a mult…
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-6959
|
2024-11-4 02:15 |
2024-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1226
|
2.7 |
LOW
Network
|
openwebui
|
open_webui
|
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path…
Update
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-7038
|
2024-11-4 02:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1227
|
4.3 |
MEDIUM
Network
|
lunary
|
lunary
|
A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view …
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-6582
|
2024-11-4 02:15 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1228
|
6.5 |
MEDIUM
Network
|
lunary
|
lunary
|
In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the `GET /v1/users/me/org` endpoint. The platform's role definitions restrict t…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-5248
|
2024-11-4 02:15 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1229
|
6.5 |
MEDIUM
Network
|
lunary
|
lunary
|
An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. The vulnerability allows unauthorized users to view any prompts in an…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-5131
|
2024-11-4 02:15 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1230
|
7.5 |
HIGH
Network
lunary
|
lunary
|
An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, which allows unauthenticated users to delete any dataset. The vulnerability is due to the lack …
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-5130
|
2024-11-4 02:15 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
