4 matches found
CVE-2025-9803 Improper Authentication in lunary-ai/lunary
lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...
EUVD-2025-199529
lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...
Lunary Security Vulnerability
Lunary is a production toolkit for LLMs open sourced by Lunary. A security vulnerability exists in Lunary version 1.9.34 that stems from an unvalidated aud field in the Google OAuth integration, which could lead to an account takeover...
CVE-2013-7065
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field...