Threats Tagged 'cwe-1125'
View all threats tagged with 'cwe-1125'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cwe-1125'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2024-5386: CWE-1125 Excessive Attack Surface in lunary-ai lunary-ai/lunaryCVE-2024-5386 0 In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user with a 'viewer' role can exploit this vulnerability to hijack another user's account by obtaining the password reset token. The vulnerability is triggered when the 'viewer' role user sends a specific request to the server, which responds with a password reset token in the 'recoveryToken' parameter. This token can then be used to reset the password of another user's account without authorization. The issue results from an excessive attack surface, allowing lower-privileged users to escalate their privileges and take over accounts. Join the discussion | CVE Database V5 | 02/02/2026, 10:36:23 UTC Added: 02/02/2026, 11:00:08 UTC |
Showing 1 to 1 of 1 result