CVE-2026-7042

The CVE concerns 666ghj MiroFish REST API Endpoint (up to version 0.1.2). The flaw is in the create_app function located at backend/app/init .py, described as missing authentication. This can enable remote abuse, with a published exploit mentioned in the description. No remediation or patch detai...

CVE-2026-7042 666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication

A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function createapp of the file backend/app/init.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published a...

MiroFish 授权问题漏洞

MiroFish is a crowd intelligence prediction engine developed by BaiFu personally. It is used to simulate and predict the future. Versions of MiroFish prior to 0.1.2 have a licensing issue vulnerability. This vulnerability stems from improper handling of the createapp function in the REST API...

PT-2026-35224

A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create app of the file backend/app/ init .py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been publishe...

CVE-2023-29921

PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface...

EUVD-2023-1357

Malicious code in bioql PyPI...

MAL-2025-5682 Malicious code in create-app-attachment-github-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c953841a642283b64ae3a2782a5904f4aeb52efcb9b9d091c106ec140f993559 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@bitrefill/airfill-widget (>=4.2.2 <=4.8.3), @chialab/rna-cli (>=2.2.0 <=4.0.0-beta.22) +94 more potentially affected by CVE-2024-21528 via node-gettext (>=0.1.2 <=3.0.0)

node-gettext NPM version =0.1.2, =4.2.2, =2.2.0, =2.2.0, =0.9.1, =1.1.2, =4.1.0-alpha.1, =0.0.4, =5.2.0-alpha.13, =5.2.0, =1.0.6, =1.0.17, =1.0.3, =4.1.2, =2.0.0, =2.3.1 and more Source cves: CVE-2024-21528 Source advisory: OSV:GHSA-G974-HXVM-X689...

CVE-2023-32635

CVE-2023-32635 affects the XBRL data create application (7.0 and earlier). The root cause is improper restriction of XML External Entity (XXE) references, enabling a specially crafted XBRL file to cause the system to read arbitrary files. The issue is documented across multiple sources (e.g., JVN...

GHSA-MPVF-6H9G-2HQ2 PowerJob Incorrect Access Control vulnerability

PowerJob v4.3.6 is vulnerable to Incorrect Access Control via the create app interface...

CVE-2023-29921

PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface...

CVE-2023-29921

PowerJob V4.3.1 is affected by Incorrect Access Control via the create app interface, enabling an attacker to create apps without permission. The issue is described in multiple sources (e.g., Red Hat, GHSA/OSV, Veracode) as improper access control. Veracode notes the vulnerable flow through the /...

CVE-2023-29921

PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface...

PT-2023-22478 · Powerjob · Powerjob

Name of the Vulnerable Software and Affected Versions: PowerJob version 4.3.1 Description: The issue is related to Incorrect Access Control via the create app interface. Recommendations: For PowerJob version 4.3.1, consider restricting access to the create app interface until a fix is available. ...