Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-4890 | SQL Injection vulnerability in Litellm 1.27.14 A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. | 4.9 |
| 2024-06-06 | CVE-2024-5126 | Unspecified vulnerability in Lunary An improper access control vulnerability exists in the lunary-ai/lunary repository, specifically within the versions.patch functionality for updating prompts. | 6.5 |
| 2024-06-06 | CVE-2024-5131 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. | 6.5 |
| 2024-06-06 | CVE-2024-5478 | Cross-site Scripting vulnerability in Lunary 1.2.7 A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint `/auth/saml/${org?.id}/metadata` of lunary-ai/lunary version 1.2.7. | 6.1 |
| 2024-06-06 | CVE-2024-2035 | Unspecified vulnerability in Zenml An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. | 6.5 |
| 2024-06-06 | CVE-2024-2171 | Cross-site Scripting vulnerability in Zenml A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. | 4.8 |
| 2024-06-06 | CVE-2024-2383 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Zenml A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. | 6.1 |
| 2024-06-06 | CVE-2024-3099 | Unspecified vulnerability in Lfprojects Mlflow A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. | 5.4 |
| 2024-06-06 | CVE-2024-3504 | Unspecified vulnerability in Lunary An improper access control vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, where an admin can update any organization user to the organization owner. | 6.5 |
| 2024-06-06 | CVE-2024-5127 | Missing Authorization vulnerability in Lunary In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. | 5.4 |