29 matches found
EUVD-2024-53588
Malicious code in bioql PyPI...
EUVD-2024-53589
Malicious code in bioql PyPI...
EUVD-2024-53587
Malicious code in bioql PyPI...
CVE-2024-57435
In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure...
CVE-2024-57432
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...
CVE-2024-57435
In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure...
CVE-2024-57433
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...
CVE-2024-57434
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator...
CVE-2024-57433
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...
CVE-2024-57434
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator...
CVE-2024-57432
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...
CVE-2024-57432
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...
CVE-2024-57433
CVE-2024-57433 affects macrozheng mall-tiny 1.0.1. The vulnerability is described as Incorrect Access Control via the logout function: after logout, the user’s token remains available and can be used to fetch information in the logged-in state. This is supported by multiple feeds in connected doc...
PT-2025-3439 · Unknown · Macrozheng Mall-Tiny
Name of the Vulnerable Software and Affected Versions: macrozheng mall-tiny version 1.0.1 Description: The issue concerns insecure permissions in the application. Specifically, the JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for...
CVE-2024-57432
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...
mall-tiny 安全漏洞
mall-tiny is a rapid development scaffolding for macro individual developers. A security vulnerability exists in mall-tiny version 1.0.1, which stems from an insecure permissions issue that allows an attacker to forge an arbitrary user's JWT to achieve authentication bypass...
CVE-2024-57433
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...
CVE-2024-57432
The CVE-2024-57432 entry concerns macrozheng mall-tiny 1.0.1 with insecure permissions due to hardcoded JWT signing keys. The JWT contains user information and is used for privilege management, enabling forging of arbitrary users’ tokens and authentication bypass. Concrete details across connecte...
CVE-2024-57433
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...
PT-2025-3442 · Unknown · Macrozheng Mall-Tiny
Name of the Vulnerable Software and Affected Versions: macrozheng mall-tiny version 1.0.1 Description: The issue allows an attacker to send null data through the resource creation interface, resulting in a null pointer dereference in all subsequent operations that require authentication. This...