20 matches found
EUVD-2024-53589
Malicious code in bioql PyPI...
EUVD-2024-53587
Malicious code in bioql PyPI...
EUVD-2024-53588
Malicious code in bioql PyPI...
CVE-2024-57435
In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure...
CVE-2024-57432
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...
CVE-2024-57435
In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure...
CVE-2024-57434
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator...
CVE-2024-57433
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...
CVE-2024-57432
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...
CVE-2024-57432
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...
PT-2025-3442 · Unknown · Macrozheng Mall-Tiny
Name of the Vulnerable Software and Affected Versions: macrozheng mall-tiny version 1.0.1 Description: The issue allows an attacker to send null data through the resource creation interface, resulting in a null pointer dereference in all subsequent operations that require authentication. This...
CVE-2024-57433
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...
CVE-2024-57435
In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure...
CVE-2024-57432
The CVE-2024-57432 entry concerns macrozheng mall-tiny 1.0.1 with insecure permissions due to hardcoded JWT signing keys. The JWT contains user information and is used for privilege management, enabling forging of arbitrary users’ tokens and authentication bypass. Concrete details across connecte...
CVE-2024-57434
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator...
CVE-2024-57435
CVE-2024-57435 affects macrozheng mall-tiny 1.0.1. The issue arises when an attacker can send null data through the resource creation interface, causing a null pointer dereference that affects all subsequent operations requiring authentication, leading to denial of service and service restart fai...
CVE-2024-57434
CVE-2024-57434 affects Macrozheng Mall-Tiny 1.0.1 and is caused by an Incorrect Access Control vulnerability where the project imports users by default and a test user is granted super administrator privileges. Reported with CVSS 3.1: AV=N, AC=L, PR=L, UI=N, S=U, C/H/I/A = High. Exploitation stat...
CVE-2024-57433
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...
CVE-2024-57433
CVE-2024-57433 affects macrozheng mall-tiny 1.0.1. The vulnerability is described as Incorrect Access Control via the logout function: after logout, the user’s token remains available and can be used to fetch information in the logged-in state. This is supported by multiple feeds in connected doc...
PT-2025-3440 · Unknown · Macrozheng Mall-Tiny
Name of the Vulnerable Software and Affected Versions: macrozheng mall-tiny version 1.0.1 Description: The issue concerns an incorrect access control through the logout function. After a user logs out, their token remains available and can still fetch information in the logged-in state...