Total: 5 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-5386 | 1 Lunary | 1 Lunary | 2026-02-11 | N/A | 8.8 HIGH | In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user with a 'viewer' role can exploit this vulnerability to hijack another user's account by obtaining the password reset token. The vulnerability is triggered when the 'viewer' role user sends a specific request to the server, which responds with a password reset token in the 'recoveryToken' parameter. This token can then be used to reset the password of another user's account with ... |
| CVE-2023-49722 | 1 Bosch | 6 Bcc101, Bcc101 Firmware, Bcc102 and 3 more | 2024-11-21 | N/A | 8.3 HIGH | Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi network. |
| CVE-2023-0435 | 1 Pyload | 1 Pyload | 2024-11-21 | N/A | 9.8 CRITICAL | Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41. |
| CVE-2022-2037 | 1 Tooljet | 1 Tooljet | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH | Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. |
| CVE-2022-1715 | 1 Facturascripts | 1 Facturascripts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. |