CVE-2024-5755

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-821
View all →

Vulnerability Description

In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., '[email protected]' and '[email protected]'), leading to incorrect synchronization and potential security issues.

Related Vulnerabilities

CVE-2024-6657

MEDIUM
CVSS:6.5(Medium)

A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. A hard reset is required to recove...

CWE-8212024

CVE-2024-58132

MEDIUM
CVSS:4.0(Medium)

In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a single node's configuration can cause other normal nodes to perform concurrent read and write operations on a map, leading to a pa...

CWE-8212024

CVE-2024-58133

MEDIUM
CVSS:4.0(Medium)

In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node's configuration file and restarting this node, concurrent writes by logger.go to a map are mishandled. Creating o...

CWE-8212024

CVE-2024-58131

LOW
CVSS:3.7(Low)

FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time valu...

CWE-8212024

CVE-2023-5088

HIGH
CVSS:7.0(High)

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for...

CWE-8212023

CVE-2022-1931

CRITICAL
CVSS:9.1(Critical)

Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.

CWE-8212022