35 matches found
CVE-2026-7042 666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication
A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function createapp of the file backend/app/init.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published a...
CVE-2026-7042
The CVE concerns 666ghj MiroFish REST API Endpoint (up to version 0.1.2). The flaw is in the create_app function located at backend/app/init .py, described as missing authentication. This can enable remote abuse, with a published exploit mentioned in the description. No remediation or patch detai...
CVE-2026-7041 666ghj MiroFish Werkzeug Debugger PIN console information disclosure
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...
EUVD-2026-25717
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...
CVE-2026-7041
Affects 666ghj MiroFish up to version 0.1.2. The vulnerability lies in an unknown function handling the /console path of the Werkzeug Debugger PIN Handler. By manipulating the SECRET argument, an information disclosure is possible. Attacker can exploit remotely, with a high attack complexity and ...
CVE-2026-7041 666ghj MiroFish Werkzeug Debugger PIN console information disclosure
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...
CVE-2026-7041
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...
PT-2026-35238
A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get simulation posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. The attack can be initiated...
MiroFish 注入漏洞
MiroFish is a crowd intelligence prediction engine developed by BaiFu personally. It is used to simulate and predict the future. Versions of MiroFish 0.1.2 and earlier have a vulnerability related to command injection, which stems from the SimulationIPCClient.sendcommand function in the...
MiroFish 路径遍历漏洞
MiroFish is a crowd intelligence prediction engine developed by BaiFu personally. It is used to simulate and predict the future. Versions of MiroFish prior to 0.1.2 have a path traversal vulnerability. This vulnerability stems from improper handling of the Platform parameter in the...
PT-2026-35237
A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send command of the file backend/app/services/simulation ipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to...
MiroFish 信息泄露漏洞
MiroFish is a crowd intelligence prediction engine developed by BaiFu personally. It is used to simulate and predict the future. Versions of MiroFish prior to 0.1.2 have a vulnerability related to information leakage. This vulnerability stems from improper handling of the SECRET parameter in the...
PT-2026-35223
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...
MiroFish 授权问题漏洞
MiroFish is a crowd intelligence prediction engine developed by BaiFu personally. It is used to simulate and predict the future. Versions of MiroFish prior to 0.1.2 have a licensing issue vulnerability. This vulnerability stems from improper handling of the createapp function in the REST API...
PT-2026-35224
A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create app of the file backend/app/ init .py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been publishe...