Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
request project request vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4154
In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project's endpoint with a new name for a project, despite...
NA
CVE-2024-1626
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization che...
NA
CVE-2024-31461
Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions before 0.17-dev. This issue may allow an malicious user to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access...
NA
CVE-2024-1625
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, wh...
NA
CVE-2024-31455
Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing paren...
NA
CVE-2024-1522
A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote malicious users to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enab...
NA
CVE-2024-29186
Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. Dur...
NA
CVE_2023_46805
Penetration testing of https://ris.ucll.be/ Tools used Nmap It looks like the host is running on Azure since the ports are open by default 1221 and 8172. This is also indicated by the fingerprint Microsoft Azure Web App. The Python webserver being used is Gunicorn, it is a Unix b...
1 Github repository
NA
CVE-2024-0590
The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated malicious users to cha...
NA
CVE-2024-25626
Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Projects Bitbake prior to 2.6.2 (before and included Yocto Project 4.3.1), with the Toaster server (included in bitbake)...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »