In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure of password recovery tokens in API responses. Specifically, when a user initiates the password reset pro ...
June 06, 2024
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the ...
June 06, 2024
In lunary-ai/lunary version 1.2.2, a business logic error allows users to bypass the intended limitations on team member invitations and additions, regardless of their subscription plan. The vulnerabi ...
June 06, 2024
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded lin ...
June 06, 2024
A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. ...
June 06, 2024
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify t ...
June 06, 2024
A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. ...
June 06, 2024
A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnera ...
June 06, 2024