Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2025/03/03 7:47 p.m.14 views

Magento LTS vulnerable to stored XSS in theme config fields

As reported by Aakash Adhikari, Github: @justlife4x4, the Design Themes Skin Images / CSS config field allows a Stored XSS when it contains an end script tag. Impact A malicious user with access to this configuration field could use a Stored XSS to affect other authenticated admin users in the...

2.9CVSS5.7AI score0.00248EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/04/16 12:15 a.m.23 views

CVE-2024-1739

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the cas...

9.1CVSS7.2AI score0.00561EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/16 12:0 a.m.15 views

CVE-2024-1739 Case Insensitive Email Address Validation Vulnerability in lunary-ai/lunary

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the cas...

7.5CVSS7.9AI score0.00561EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.14 views

CVE-2024-1739 Case Insensitive Email Address Validation Vulnerability in lunary-ai/lunary

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the cas...

7.5CVSS7.2AI score0.00561EPSS
Exploits1References2
CVE
CVE
added 2024/04/16 12:0 a.m.61 views

CVE-2024-1739

CVE-2024-1739 affects lunary-ai/lunary and describes an authentication issue caused by improper validation of email addresses during signup. The server does not treat emails as case-insensitive, allowing multiple accounts to be created for the same address by varying case (e.g., [email protected] vs ...

9.1CVSS7AI score0.00561EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/09/30 10:51 p.m.45 views

GHSA-VP68-2WRM-69QM matrix-sdk-crypto contains potential impersonation via room key forward responses

Impact When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious...

6.5CVSS8.1AI score0.00485EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/09/30 10:51 p.m.29 views

matrix-sdk-crypto contains potential impersonation via room key forward responses

Impact When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious...

8.6CVSS7.6AI score0.00485EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder