CVE-2024-5386 | lunary-ai lunary up to 1.2.13 Password Reset Token recoveryToken excessive attack surface

Inserito da Angelo Barbosa | Feb 2, 2026 | CVE

A vulnerability identified as critical has been detected in lunary-ai lunary up to 1.2.13. The affected element is an unknown function of the component Password Reset Token Handler. This manipulation of the argument recoveryToken causes excessive attack surface.

This vulnerability appears as CVE-2024-5386. The attack may be initiated remotely. There is no available exploit.

You should upgrade the affected component.

CVE-2024-5386 | lunary-ai lunary up to 1.2.13 Password Reset Token recoveryToken excessive attack surface

Post correlati

CVE-2025-4046 | Lexmark Cloud Services authorization

CVE-2024-21843 | Intel Computing Improvement Program Software prior 2.4.0.10654 uncontrolled search path (intel-sa-01059)

CVE-2024-7136 | JetSearch Plugin up to 3.5.2 on WordPress cross site scripting

CVE-2024-1905 | Smart Forms Plugin up to 2.6.95 on WordPress Setting cross site scripting