0.0
CVE-2024-52384 - WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation plugin <= 2.4.9 -β¦
Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation:β¦
9.1
CVE-2024-3502 - Exposure of Sensitive Information in lunary-ai/lunary
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. This issue occurs when authenticated users inspect responses from `GET /v1/users/me` and `GET /v1/users/me/β¦
9.1
CVE-2024-3501 - Exposure of Sensitive Information in lunary-ai/lunary
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. These tokens, intended for sensitive operations such as password resets oβ¦
9.6
CVE-2024-3379 - Incorrect Authorization in lunary-ai/lunary
In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project withoβ¦
0.0
CVE-2024-52381 - WordPress ZIJ KART plugin <= 1.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Shoaib Rehmat ZIJ KART zij-kart allows PHP Local File Inclusion.This issue affects ZIJ KART: from n/a through <= 1.1.
9.8
CVE-2024-4343 - Python Command Injection in imartinez/privategpt
A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the `eval()` function tβ¦
4.3
CVE-2024-1682 - Unclaimed S3 Bucket Reference in psf/requests Documentation
An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthinessβ¦
8.8
CVE-2024-52396 - WordPress WOLF plugin <= 1.0.8.3 - CSV Limited Path Traversal vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RealMag777 WOLF bulk-editor allows Path Traversal.This issue affects WOLF: from n/a through <= 1.0.8.3.
0.0
CVE-2024-52371 - WordPress Global Gateway e4 plugin <= 2.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DonnellC Global Gateway e4 | Payeezy Gateway | globe-gateway-e4.This issue affects Global Gateway e4 | Payeezy Gateway |: from n/a through <= 2.0.
7.2
CVE-2024-52393 - WordPress Podlove Podcast Publisher plugin <= 4.1.15 - Admin+ Remote Code Execution (RCE) vulnerabiβ¦
Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.This issue affects Podlove Podcast Publisher: from n/a through <= 4.1.15.