Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/02/03 3:18 p.m.10 views

CVE-2024-5386

In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user with a 'viewer' role can exploit this vulnerability to hijack another user's account by obtaining the password reset token. The vulnerability is triggered when the 'viewer' role...

9.6CVSS5.5AI score0.00482EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/02/02 10:36 a.m.28 views

CVE-2024-5386 Account Hijacking via Password Reset Token Leak in lunary-ai/lunary

In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user with a 'viewer' role can exploit this vulnerability to hijack another user's account by obtaining the password reset token. The vulnerability is triggered when the 'viewer' role...

9.6CVSS0.00482EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-46386

Malicious code in bioql PyPI...

8.2CVSS8.3AI score0.0045EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/05 6:29 a.m.6 views

CVE-2024-5129

A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset deletion functionality, where the application fails to verify if the user requesting the deletion...

8.2CVSS7.9AI score0.0045EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:16 a.m.10 views

CVE-2024-4151

An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to...

8.3CVSS6.7AI score0.00391EPSS
Exploits1References1
Rows per page
Query Builder