CVE-2024-9000
published 2025-03-20CVE-2024-9000: In lunary-ai/lunary before version 1.4.26, the checklists.post() endpoint allows users to create or modify checklists without validating whether the user has…
PriorityP339medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
EPSS
0.51%
39.6th percentile
In lunary-ai/lunary before version 1.4.26, the checklists.post() endpoint allows users to create or modify checklists without validating whether the user has proper permissions. This missing access control permits unauthorized users to create checklists, bypassing intended permission checks. Additionally, the endpoint does not validate the uniqueness of the slug field when creating a new checklist, allowing an attacker to spoof existing checklists by reusing the slug of an already-existing checklist. This can lead to significant data integrity issues, as legitimate checklists can be replaced with malicious or altered data.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloudflare | quiche | >= 0 < 0.19.2 | 0.19.2 |
| cloudflare | quiche | >= 0.20.0 < 0.20.1 | 0.20.1 |
| chrome_chrome | — | — | |
| lunary-ai | lunary-ai_lunary | >= unspecified < 1.4.26 | 1.4.26 |
| lunary | lunary | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv3.07.1HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
vendor_cisco7.4HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Apache Pinot Vulnerable to Authentication Bypass
ghsa·2025-04-01
CVE-2024-56325 [CRITICAL] CWE-288 Apache Pinot Vulnerable to Authentication Bypass
Apache Pinot Vulnerable to Authentication Bypass
Authentication Bypass Issue
If the path does not contain / and contain., authentication is not required.
Expected Normal Request and Response Example
curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"} http://{server_ip}:9000/users
Return: {"code":401,"error":"HTTP 401 Unauthorized"}
Malicious Request and Response Example
curl -X POST -H "Content-Type: application/json" -d '{\"username\":\"hack\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"}' http://{serverip}
GHSA
GHSA-x552-5vh8-qccx: In lunary-ai/lunary before version 1
ghsa_unreviewed·2025-03-20
CVE-2024-9000 [HIGH] CWE-285 GHSA-x552-5vh8-qccx: In lunary-ai/lunary before version 1
In lunary-ai/lunary before version 1.4.26, the checklists.post() endpoint allows users to create or modify checklists without validating whether the user has proper permissions. This missing access control permits unauthorized users to create checklists, bypassing intended permission checks. Additionally, the endpoint does not validate the uniqueness of the slug field when creating a new checklist, allowing an attacker to spoof existing checklists by reusing the slug of an already-existing checklist. This can lead to significant data integrity issues, as legitimate checklists can be replaced with malicious or altered data.
GHSA
quiche vulnerable to unbounded storage of information related to connection ID retirement
ghsa·2024-03-13
CVE-2024-1410 [LOW] CWE-400 quiche vulnerable to unbounded storage of information related to connection ID retirement
quiche vulnerable to unbounded storage of information related to connection ID retirement
### Impact
Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers (IDs); see [RFC 9000 Section 5.1](https://datatracker.ietf.org/doc/html/rfc9000#section-5.1). Endpoints declare the number of active connection IDs they are willing to support using the active_connection_id_limit transport parameter. The peer can create new IDs using a NEW_CONNECTION_ID frame but must stay within the active ID limit. This is done by retirement of old IDs, the endpoint sends NEW_CONNECTION_ID includes a value in the retire_prior_to field,
GHSA
Graylog vulnerable to instantiation of arbitrary classes triggered by API request
ghsa·2024-02-07
CVE-2024-24824 [HIGH] CWE-284 Graylog vulnerable to instantiation of arbitrary classes triggered by API request
Graylog vulnerable to instantiation of arbitrary classes triggered by API request
### Summary
Arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint.
### Details
Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader.
https://github.com/Graylog2/graylog2-server/blob/e458db8bf4f789d4d19f1b37f0263f910c8d036c/graylog2-server/src/main/java/org/graylog2/rest/resources/system/ClusterConfigResource.java#L208-L214
### PoC
A request of the following form will output the content of the `/etc/passwd` file:
```
curl -u admin: -X PUT http://localhost:9000/api/system/cluster_config/java.io.Fil
Cisco
Cisco Catalyst 9000 Series Switches Denial of Service Vulnerability
vendor_cisco·2024-09-25·CVSS 4.3
CVE-2024-20434 [MEDIUM] CWE-190 Cisco Catalyst 9000 Series Switches Denial of Service Vulnerability
Cisco Catalyst 9000 Series Switches Denial of Service Vulnerability
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device.
This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected. A reload of th
Cisco
Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability
vendor_cisco·2024-03-13·CVSS 7.4
CVE-2024-20327 [HIGH] CWE-20 Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability
Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition.
This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful ex
Cisco
Cisco Nexus 3000 and 9000 Series Switches Port Channel ACL Programming Vulnerability
vendor_cisco·2024-02-28·CVSS 5.8
CVE-2024-20291 [MEDIUM] CWE-284 Cisco Nexus 3000 and 9000 Series Switches Port Channel ACL Programming Vulnerability
Cisco Nexus 3000 and 9000 Series Switches Port Channel ACL Programming Vulnerability
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device.
This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.
Cisco has released software updates t
Chrome
Stable Channel Update for Desktop: CVE-2024-3170
vendor_chrome·2024-01-23·CVSS 8.8
CVE-2024-3170 [HIGH] Stable Channel Update for Desktop: CVE-2024-3170
Stable Channel Update for Desktop
CVE-2024-3170: Use after free in WebRTC. Reported by Anonymous on 2024-01-05 [$11000][ 1505080 ] High CVE-2024-0807: Use after free in WebAudio
Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-25 [$9000][ 1484394 ] High CVE-2024-0812: Inappropriate implementation in Accessibility
Severity: high
Cisco
Cisco Catalyst 9000 Series Switches Denial of Service Vulnerability
vendor_cisco·CVSS 3.1
CVE-2024-20434 Cisco Catalyst 9000 Series Switches Denial of Service Vulnerability
CVE-2024-20434: Cisco Catalyst 9000 Series Switches Denial of Service Vulnerability
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected.
Cisco
Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability
vendor_cisco·CVSS 3.1
CVE-2024-20327 Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability
CVE-2024-20327: Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A
Cisco
Cisco Nexus 3000 and 9000 Series Switches Port Channel ACL Programming Vulnerability
vendor_cisco·CVSS 3.1
CVE-2024-20291 Cisco Nexus 3000 and 9000 Series Switches Port Channel ACL Programming Vulnerability
CVE-2024-20291: Cisco Nexus 3000 and 9000 Series Switches Port Channel ACL Programming Vulnerability
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces. Cisco has released softw
Suricata
ET WEB_SPECIFIC_APPS Shenzhen TVT NVMS-9000 Information Disclosure Attempt (CVE-2024-14007)
suricata·2025-11-25·CVSS 8.7
CVE-2024-14007 [HIGH] ET WEB_SPECIFIC_APPS Shenzhen TVT NVMS-9000 Information Disclosure Attempt (CVE-2024-14007)
ET WEB_SPECIFIC_APPS Shenzhen TVT NVMS-9000 Information Disclosure Attempt (CVE-2024-14007)
Rule: alert tcp any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Shenzhen TVT NVMS-9000 Information Disclosure Attempt (CVE-2024-14007)"; flow:established,to_server; content:"systemType|3d 22|NVMS-9000|22 20|clientType|3d 22|WEB|22 20|url|3d 22|query"; fast_pattern; reference:cve,2024-14007; reference:url,ssd-disclosure.com/ssd-advisory-nvms9000-information-disclosure/; classtype:attempted-admin; sid:2065916; rev:1; metadata:affected_product Shenzhen_Atemi, attack_target IoT, tls_state plaintext, created_at 2025_11_25, cve CVE_2024_14007, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpo
No writeups or analysis indexed.
2025-03-20
Published