
9 matches found

NVD
added 2025/11/25 1:15 a.m., 3 views

CVE-2025-9803

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...

CVSS: 9.3, EPSS: 0.00088
Exploits: 2, References: 2

OSV
added 2025/11/25 1:15 a.m., 2 views

CVE-2025-9803

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00088
Exploits: 2, References: 2

Cvelist
added 2025/11/25 12:0 a.m., 7 views

CVE-2025-9803 Improper Authentication in lunary-ai/lunary

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...

CVSS: 9.3, EPSS: 0.00088
Exploits: 2, References: 2

CNNVD
added 2025/11/25 12:0 a.m., 1 views

Lunary security vulnerability

Lunary is a production toolkit for LLMs open sourced by Lunary. A security vulnerability exists in Lunary version 1.9.34 that stems from an unvalidated aud field in the Google OAuth integration, which could lead to an account takeover...

CVSS: 9.3, AI score: 9, EPSS: 0.00088
Exploits: 2, References: 3

Positive Technologies
added 2025/11/25 12:0 a.m., 2 views

PT-2025-47979

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions prior to 1.9.35. Description: The application is susceptible to account takeover due to flawed authentication within the Google OAuth integration. Specifically, the application does not validate the aud audience field...

CVSS: 9.3, AI score: 9.7, EPSS: 0.00088
Exploits: 2, References: 11

CNNVD
added 2023/05/26 12:0 a.m., 1 views

NagVis path traversal vulnerability

NagVis is a program from NagVis Open Source, used to visualize your chosen monitoring core data in a user-friendly way. A security vulnerability exists in NagVis versions prior to 1.9.34, which stems from an arbitrary file read vulnerability in the /core/classes/NagVisHoverUrl.php file...

CVSS: 9.1, AI score: 6.5, EPSS: 0.00822
Exploits: 3, References: 7

OSV
added 2022/11/13 11:15 p.m., 0 views

DEBIAN-CVE-2022-3979

A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated...

CVSS: 8.1, AI score: 4.7, EPSS: 0.00584
Exploits: 1, References: 1

UbuntuCve
added 2022/11/13 11:15 p.m., 19 views

CVE-2022-3979

A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated...

CVSS: 8.1, AI score: 5.6, EPSS: 0.00584
Exploits: 1, References: 2

OSV
added 2022/11/13 11:15 p.m., 0 views

UBUNTU-CVE-2022-3979

A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated...

CVSS: 8.1, AI score: 5, EPSS: 0.00584
Exploits: 1, References: 3