A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and m ...
April 16, 2024
An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, ...
April 16, 2024
lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluation creation due to missing server-side checks for user account status during evaluation creation. While the web UI restricts evalua ...
April 16, 2024
An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. This vulnerability allows unauthorize ...
April 16, 2024
mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logo_filename' parameter in t ...
April 16, 2024
A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs ...
April 16, 2024
The version of PaperCut MF installed on the remote Windows host is affected by multiple vulnerabilities, as follows: - This allows attackers to use a maliciously formed API request to gain access to a ...
April 16, 2024
The version of PaperCut NG installed on the remote Windows host is affected by multiple vulnerabilities, as follows: - This allows attackers to use a maliciously formed API request to gain access to a ...
April 16, 2024