CVE-2024-11302

HIGH Year: 2024
CVSS v3 Score
8.0
High
Weakness Type
CWE-304
View all →

Vulnerability Description

A missing check_access() function in the lollms_binding_infos module of the parisneo/lollms repository, version V14, allows attackers to add, modify, and remove bindings arbitrarily. This vulnerability affects the /install_binding and /reinstall_binding endpoints, among others, enabling unauthorized access and manipulation of binding settings without requiring the client_id value.

Related Vulnerabilities

CVE-2024-9216

HIGH
CVSS:8.1(High)

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the ...

CWE-3042024

CVE-2024-12136

HIGH
CVSS:7.8(High)

Missing Critical Step in Authentication vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Authentication Bypass.This issue affects ANKA JPD-00028: through 19.03.2025. NOTE: The vendor did not...

CWE-3042024

CVE-2024-9919

HIGH
CVSS:8.4(High)

A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/{app_name} API endpoint does not call...

CWE-3042024

CVE-2024-20153

HIGH
CVSS:7.5(High)

In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User inte...

CWE-3042024

CVE-2023-52424

HIGH
CVSS:7.4(High)

The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or ...

CWE-3042023

CVE-2022-1065

HIGH
CVSS:8.8(High)

A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-0...

CWE-3042022