Lucene search
K

29 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-53588

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00442EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-53589

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00465EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-53587

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00423EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:28 a.m.11 views

CVE-2024-57435

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure...

6.5CVSS6.9AI score0.00465EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:11 a.m.8 views

CVE-2024-57432

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...

7.5CVSS7AI score0.00511EPSS
Exploits1References1
NVD
NVD
added 2025/01/31 10:15 p.m.16 views

CVE-2024-57435

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure...

6.5CVSS0.00465EPSS
Exploits1References1
OSV
OSV
added 2025/01/31 10:15 p.m.2 views

CVE-2024-57433

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...

7.5CVSS5.8AI score0.00423EPSS
Exploits1References1
OSV
OSV
added 2025/01/31 10:15 p.m.2 views

CVE-2024-57434

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator...

8.8CVSS5.8AI score0.00442EPSS
Exploits1References1
NVD
NVD
added 2025/01/31 10:15 p.m.26 views

CVE-2024-57433

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...

7.5CVSS0.00423EPSS
Exploits1References1
NVD
NVD
added 2025/01/31 10:15 p.m.25 views

CVE-2024-57434

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator...

8.8CVSS0.00442EPSS
Exploits1References1
NVD
NVD
added 2025/01/31 5:15 p.m.24 views

CVE-2024-57432

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...

7.5CVSS0.00511EPSS
Exploits1References1
OSV
OSV
added 2025/01/31 5:15 p.m.3 views

CVE-2024-57432

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...

7.5CVSS5.8AI score0.00511EPSS
Exploits1References1
CVE
CVE
added 2025/01/31 12:0 a.m.78 views

CVE-2024-57433

CVE-2024-57433 affects macrozheng mall-tiny 1.0.1. The vulnerability is described as Incorrect Access Control via the logout function: after logout, the user’s token remains available and can be used to fetch information in the logged-in state. This is supported by multiple feeds in connected doc...

7.5CVSS6.3AI score0.00423EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/31 12:0 a.m.3 views

PT-2025-3439 · Unknown · Macrozheng Mall-Tiny

Name of the Vulnerable Software and Affected Versions: macrozheng mall-tiny version 1.0.1 Description: The issue concerns insecure permissions in the application. Specifically, the JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for...

7.5CVSS7.1AI score0.00511EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/01/31 12:0 a.m.8 views

CVE-2024-57432

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...

6.6AI score0.00511EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/31 12:0 a.m.4 views

mall-tiny 安全漏洞

mall-tiny is a rapid development scaffolding for macro individual developers. A security vulnerability exists in mall-tiny version 1.0.1, which stems from an insecure permissions issue that allows an attacker to forge an arbitrary user's JWT to achieve authentication bypass...

7.5CVSS7AI score0.00511EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/01/31 12:0 a.m.9 views

CVE-2024-57433

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...

6.3AI score0.00423EPSS
Exploits1References1
CVE
CVE
added 2025/01/31 12:0 a.m.628 views

CVE-2024-57432

The CVE-2024-57432 entry concerns macrozheng mall-tiny 1.0.1 with insecure permissions due to hardcoded JWT signing keys. The JWT contains user information and is used for privilege management, enabling forging of arbitrary users’ tokens and authentication bypass. Concrete details across connecte...

7.5CVSS6.6AI score0.00511EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/01/31 12:0 a.m.11 views

CVE-2024-57433

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...

0.00423EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/31 12:0 a.m.4 views

PT-2025-3442 · Unknown · Macrozheng Mall-Tiny

Name of the Vulnerable Software and Affected Versions: macrozheng mall-tiny version 1.0.1 Description: The issue allows an attacker to send null data through the resource creation interface, resulting in a null pointer dereference in all subsequent operations that require authentication. This...

6.5CVSS7AI score0.00465EPSS
Exploits1References4
Rows per page
Query Builder