CyberSecurityBoard
Sponsor Register Login

CVE-2024-5131

An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. The vulnerability allows unauthorized users to view any prompts in any projects by supplying a specific prompt ID to an endpoint that does not adequately verify the ownership of the prompt ID. This issue was fixed in version 1.2.25.

Publication date: Thu, 06 Jun 2024 19:16:00 +0000


Cyber News related to CVE-2024-5131

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
2 months ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
9 months ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
9 months ago Cisa.gov
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
6 months ago Tenable.com
CVE-2024-5131 - An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. The vulnerability allows unauthorized users to view any prompts in any projects by supplying a specific prompt ID to an ...
1 month ago
The Top 24 Security Predictions for 2024 - Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more. Last week, in part one of The Top 24 ...
1 year ago Securityboulevard.com
CVE-2015-5133 - Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute ...
6 years ago
CVE-2015-5132 - Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute ...
6 years ago
CVE-2015-5131 - Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute ...
6 years ago
CVE-2007-5425 - SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131. ...
6 years ago
CVE-2009-5131 - The Receive Service in Websense Email Security before 7.1 does not recognize domain extensions in the blacklist, which allows remote attackers to bypass intended access restrictions and send e-mail messages via an SMTP session. ...
12 years ago
CVE-2012-5131 - Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitigate improper rendering behavior in the Intel GPU driver, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. ...
11 years ago
CVE-2013-5131 - Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. ...
11 years ago
CVE-2011-5131 - Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter. ...
7 years ago
CVE-2008-5131 - Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel ...
7 years ago
CVE-2017-5131 - An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write. ...
6 years ago
CVE-2007-5131 - SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x allows remote attackers to execute arbitrary SQL commands via the catId parameter in a browse action. NOTE: it was separately reported that ActiveKB 1.5 is also affected. ...
6 years ago
CVE-2006-5131 - module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "<?php" and "?>", possibly due to a static code ...
6 years ago
CVE-2018-5131 - Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can ...
5 years ago
CVE-2014-5131 - Avolve Software ProjectDox 8.1 makes it easier for remote authenticated users to obtain sensitive information by leveraging ciphertext reuse. ...
5 years ago
CVE-2016-5131 - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. ...
5 years ago
CVE-2016-11053 - An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016). ...
4 years ago
CVE-2020-5131 - SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender ...
4 years ago
CVE-2019-5131 - An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in ...
2 years ago
CVE-2010-5131 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none ...
54 years ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)