NVD:CVE-2024-4890

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the ...

NVD:CVE-2024-5132

In lunary-ai/lunary version 1.2.2, a business logic error allows users to bypass the intended limitations on team member invitations and additions, regardless of their subscription plan. The vulnerabi ...

NVD:CVE-2024-5133

In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure of password recovery tokens in API responses. Specifically, when a user initiates the password reset pro ...

NVD:CVE-2024-5550

In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths ...

NVD:CVE-2024-4013

A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved m ...

CVE-2024-3033

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated ...

Unauthenticated Access to sensitive settings in Argo CD

Summary: The CVE allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. Details: Unauthenticated Access: Endpoint: /api/v1/settings Descripti ...

Improper authorization in zenml

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify t ...

