Lucene search
+L

29 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-53588

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00442EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-53587

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00423EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-53589

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00465EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:28 a.m.12 views

CVE-2024-57435

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure...

6.5CVSS6.9AI score0.00465EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:11 a.m.9 views

CVE-2024-57432

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...

7.5CVSS7AI score0.00511EPSS
Exploits1References1
NVD
NVD
added 2025/01/31 10:15 p.m.17 views

CVE-2024-57435

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure...

6.5CVSS0.00465EPSS
Exploits1References1
NVD
NVD
added 2025/01/31 10:15 p.m.29 views

CVE-2024-57433

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...

7.5CVSS0.00423EPSS
Exploits1References1
NVD
NVD
added 2025/01/31 10:15 p.m.31 views

CVE-2024-57434

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator...

8.8CVSS0.00442EPSS
Exploits1References1
NVD
NVD
added 2025/01/31 5:15 p.m.35 views

CVE-2024-57432

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...

7.5CVSS0.00511EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/31 12:0 a.m.5 views

mall-tiny 安全漏洞

mall-tiny is a rapid development scaffolding for macro individual developers. A security vulnerability exists in mall-tiny version 1.0.1, which stems from an insecure permissions issue that allows an attacker to forge an arbitrary user's JWT to achieve authentication bypass...

7.5CVSS7AI score0.00511EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/01/31 12:0 a.m.9 views

CVE-2024-57432

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...

6.6AI score0.00511EPSS
Exploits1References1
CVE
CVE
added 2025/01/31 12:0 a.m.81 views

CVE-2024-57433

CVE-2024-57433 affects macrozheng mall-tiny 1.0.1. The vulnerability is described as Incorrect Access Control via the logout function: after logout, the user’s token remains available and can be used to fetch information in the logged-in state. This is supported by multiple feeds in connected doc...

7.5CVSS6.3AI score0.00423EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/01/31 12:0 a.m.629 views

CVE-2024-57432

The CVE-2024-57432 entry concerns macrozheng mall-tiny 1.0.1 with insecure permissions due to hardcoded JWT signing keys. The JWT contains user information and is used for privilege management, enabling forging of arbitrary users’ tokens and authentication bypass. Concrete details across connecte...

7.5CVSS6.6AI score0.00511EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/31 12:0 a.m.4 views

PT-2025-3439 · Unknown · Macrozheng Mall-Tiny

Name of the Vulnerable Software and Affected Versions: macrozheng mall-tiny version 1.0.1 Description: The issue concerns insecure permissions in the application. Specifically, the JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for...

7.5CVSS7.1AI score0.00511EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/01/31 12:0 a.m.5 views

mall-tiny 安全漏洞

mall-tiny is a rapid development scaffolding for macro individual developers. A security vulnerability exists in mall-tiny version 1.0.1, which stems from the vulnerability to incorrect access control via the logout feature...

7.5CVSS6.7AI score0.00423EPSS
Exploits1References1
CVE
CVE
added 2025/01/31 12:0 a.m.56 views

CVE-2024-57434

CVE-2024-57434 affects Macrozheng Mall-Tiny 1.0.1 and is caused by an Incorrect Access Control vulnerability where the project imports users by default and a test user is granted super administrator privileges. Reported with CVSS 3.1: AV=N, AC=L, PR=L, UI=N, S=U, C/H/I/A = High. Exploitation stat...

8.8CVSS6.5AI score0.00442EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/01/31 12:0 a.m.5 views

mall-tiny 安全漏洞

mall-tiny is a rapid development scaffolding for macro individual developers. A security vulnerability exists in mall-tiny version 1.0.1, which originates from an attacker who can send null data through the resource creation interface, triggering a denial-of-service attack and service restart...

6.5CVSS6.7AI score0.00465EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/31 12:0 a.m.10 views

CVE-2024-57433

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...

6.3AI score0.00423EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/31 12:0 a.m.27 views

CVE-2024-57435

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure...

0.00465EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/31 12:0 a.m.8 views

PT-2025-3440 · Unknown · Macrozheng Mall-Tiny

Name of the Vulnerable Software and Affected Versions: macrozheng mall-tiny version 1.0.1 Description: The issue concerns an incorrect access control through the logout function. After a user logs out, their token remains available and can still fetch information in the logged-in state...

7.5CVSS7AI score0.00423EPSS
Exploits1References4
Rows per page
Query Builder