Vulnerabilities > Lunary > Lunary > 1.4.0

DATE CVE VULNERABILITY TITLE RISK
2024-09-13 CVE-2024-6087 Unspecified vulnerability in Lunary
An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch.
network
low complexity
lunary
6.5
6.5
2024-09-13 CVE-2024-6582 Missing Authentication for Critical Function vulnerability in Lunary
A broken access control vulnerability exists in the latest version of lunary-ai/lunary.
network
low complexity
lunary CWE-306
4.3
4.3
2024-06-06 CVE-2024-5248 Unspecified vulnerability in Lunary
In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the `GET /v1/users/me/org` endpoint.
network
low complexity
lunary
6.5
6.5
2024-06-06 CVE-2024-5277 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Lunary
In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use.
network
high complexity
lunary CWE-640
7.5
7.5