CVE-2024-1738

An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. This vulnerability allows unauthorize ...

CVE-2024-3028

mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logo_filename' parameter in t ...

CVE-2024-2083

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs ...

PaperCut MF < 20.1.10 / 21.x < 21.2.14 / 22.x < 22.1.5 / 23.x < 23.0.7 Multiple Vulnerabilities

The version of PaperCut MF installed on the remote Windows host is affected by multiple vulnerabilities, as follows: - This allows attackers to use a maliciously formed API request to gain access to a ...

PaperCut NG < 20.1.10 / 21.x < 21.2.14 / 22.x < 22.1.5 / 23.x < 23.0.7 Multiple Vulnerabilities

The version of PaperCut NG installed on the remote Windows host is affected by multiple vulnerabilities, as follows: - This allows attackers to use a maliciously formed API request to gain access to a ...

CrushFTP Remote Code Execution Exploit

This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code executi ...

libvirt vulnerabilities

Releases: Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS. Packages: libvirt - Libvirt virtualization toolkit. Details: Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls ...

Argo CD’s API server does not enforce project sourceNamespaces

Impact: I can convince the UI to let me do things with an invalid Application. 1. Admin gives me p, michael, applications, *, demo/*, allow, where demo can just deploy to the demo namespace 2. Admin gi ...
