6 matches found

NVD
added 2025/11/25 1:15 a.m., 3 views

CVE-2025-9803

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...

CVSS 9.3, EPSS 0.00088
Exploits: 2, References: 2
CVE
added 2025/11/25 12:0 a.m., 17 views

CVE-2025-9803

CVE-2025-9803 affects lunary-ai/lunary version 1.9.34, where the Google OAuth integration fails to verify the aud (audience) field in the Google access token. This allows tokens issued to malicious apps to be accepted, potentially enabling account takeover. The vulnerability is mitigated in versi...

CVSS 9.3, AI score 6.9, EPSS 0.00088
Exploits: 2, References: 2, Affected Software: 1
Cvelist
added 2025/11/25 12:0 a.m., 7 views

CVE-2025-9803 Improper Authentication in lunary-ai/lunary

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...

CVSS 9.3, EPSS 0.00088
Exploits: 2, References: 2
EUVD
added 2025/11/25 12:0 a.m., 3 views

EUVD-2025-199529

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' audience field in the access token issued by Google, which is crucial for ensuring the token is intended for the...

CVSS 9.3, AI score 6.8, EPSS 0.00088
Exploits: 2, References: 3
Positive Technologies
added 2025/11/25 12:0 a.m., 2 views

PT-2025-47979

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions prior to 1.9.35. Description: The application is susceptible to account takeover due to flawed authentication within the Google OAuth integration. Specifically, the application does not validate the aud audience field...

CVSS 9.3, AI score 9.7, EPSS 0.00088
Exploits: 2, References: 11
CNNVD
added 2022/06/27 12:0 a.m., 1 views

WordPress plugin NextCellent Gallery cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress NextCellent Gallery plugin 1.9.35 and its previous versions are vulnerable to a cross-site scriptin...

CVSS 4.8, AI score 5.7, EPSS 0.00206
Exploits: 2, References: 2