Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-6087 | Unspecified vulnerability in Lunary An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. | 6.5 |
| 2024-09-13 | CVE-2024-6582 | Missing Authentication for Critical Function vulnerability in Lunary A broken access control vulnerability exists in the latest version of lunary-ai/lunary. | 4.3 |
| 2024-09-13 | CVE-2024-6862 | Cross-Site Request Forgery (CSRF) vulnerability in Lunary 1.2.34 A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings. | 8.1 |
| 2024-09-13 | CVE-2024-6867 | Insufficient Granularity of Access Control vulnerability in Lunary 1.4.9 An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. | 6.5 |
| 2024-09-13 | CVE-2024-42025 | Command Injection vulnerability in UI Unifi Network Application A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. | 7.8 |
| 2024-09-13 | CVE-2024-44798 | Cross-site Scripting vulnerability in Anujk305 BUS Pass Management System 1.0 phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters. | 4.8 |
| 2024-09-13 | CVE-2024-6587 | Server-Side Request Forgery (SSRF) vulnerability in Litellm 1.38.10 A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. | 7.5 |
| 2024-09-13 | CVE-2022-2446 | Deserialization of Untrusted Data vulnerability in Benjaminrojas WP Editor The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. | 7.2 |
| 2024-09-13 | CVE-2024-5789 | Cross-site Scripting vulnerability in Towfiqi Triton Lite The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-13 | CVE-2024-5867 | Cross-site Scripting vulnerability in Nattywp Delicate The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter within the theme's Button shortcode in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. | 5.4 |