1231 | 8.8 | HIGH Network | lunary | lunary | An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update… Update | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-5128 | 2024-11-4 02:15 | 2024-06-7
1232 | 8.1 | HIGH Network | litellm | litellm | BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability… Update | CWE-862 Missing Authorization | CVE-2024-4888 | 2024-11-4 02:15 | 2024-06-7
1233 | 5.3 | MEDIUM Network | mintplexlabs | anythingllm | A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. The vu… Update | CWE-307 Improper Restriction of Excessive Authentication Attempts | CVE-2024-3102 | 2024-11-4 02:15 | 2024-06-7
1234 | 9.8 | CRITICAL Network | man | d-tale | man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in th… Update | CWE-798 Use of Hard-coded Credentials | CVE-2024-3408 | 2024-11-4 02:15 | 2024-06-7
1235 | 4.7 | MEDIUM Local | langchain | langchain | A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sit… Update | CWE-674 Uncontrolled Recursion | CVE-2024-2965 | 2024-11-4 02:15 | 2024-06-7
1236 | 5.4 | MEDIUM Network | lunary | lunary | In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended fo… Update | CWE-862 Missing Authorization | CVE-2024-5127 | 2024-11-4 02:15 | 2024-06-7
1237 | 9.4 | CRITICAL Network | mintplexlabs | anythingllm | An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to … Update | CWE-863 Incorrect Authorization | CVE-2024-3033 | 2024-11-4 02:15 | 2024-06-7
1238 | 9.8 | CRITICAL Network | tailoring_management_system_project | tailoring_management_system | A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file expcatadd.php. The manipulat… | CWE-89 SQL Injection | CVE-2024-7081 | 2024-11-3 04:15 | 2024-07-25
1239 | 7.1 | HIGH Local | apple | macos | A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass … | NVD-CWE-noinfo | CVE-2024-44159 | 2024-11-2 06:35 | 2024-10-29
1240 | - | | - | - | Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLog… | - | CVE-2024-37879 | 2024-11-2 06:35 | 2024-09-21