Search
Search Results (64 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1902 | 1 Lunary | 1 Lunary | 2025-01-10 | 7.5 High |
| lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route. | ||||
| CVE-2024-5755 | 1 Lunary | 1 Lunary | 2024-11-21 | 5.3 Medium |
| In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., '[email protected]' and '[email protected]'), leading to incorrect synchronization and potential security issues. | ||||
| CVE-2022-1931 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 8.1 High |
| Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. | ||||
| CVE-2024-4278 | 1 Gitlab | 1 Gitlab | 2024-10-08 | 5.5 Medium |
| An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting. | ||||