EUVD-2024-53587

Malicious code in bioql PyPI...

EUVD-2024-53588

Malicious code in bioql PyPI...

EUVD-2024-53589

Malicious code in bioql PyPI...

CVE-2024-57435

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure...

CVE-2024-57432

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...

CVE-2024-57435

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure...

CVE-2024-57433

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...

CVE-2024-57434

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator...

CVE-2024-57434

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator...

CVE-2024-57433

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...

CVE-2024-57432

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...

CVE-2024-57432

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...

CVE-2024-57432

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve...

CVE-2024-57433

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...

PT-2025-3440 · Unknown · Macrozheng Mall-Tiny

Name of the Vulnerable Software and Affected Versions: macrozheng mall-tiny version 1.0.1 Description: The issue concerns an incorrect access control through the logout function. After a user logs out, their token remains available and can still fetch information in the logged-in state...

mall-tiny 安全漏洞

mall-tiny is a rapid development scaffolding for macro individual developers. A security vulnerability exists in mall-tiny version 1.0.1, which originates from an attacker who can send null data through the resource creation interface, triggering a denial-of-service attack and service restart...

mall-tiny 安全漏洞

mall-tiny is a rapid development scaffolding for macro individual developers. A security vulnerability exists in mall-tiny version 1.0.1, which stems from the vulnerability to incorrect access control via the logout feature...

mall-tiny 安全漏洞

mall-tiny is a rapid development scaffolding for macro individual developers. A security vulnerability exists in mall-tiny version 1.0.1, which stems from an access control error...

CVE-2024-57433

CVE-2024-57433 affects macrozheng mall-tiny 1.0.1. The vulnerability is described as Incorrect Access Control via the logout function: after logout, the user’s token remains available and can be used to fetch information in the logged-in state. This is supported by multiple feeds in connected doc...

CVE-2024-57435

CVE-2024-57435 affects macrozheng mall-tiny 1.0.1. The issue arises when an attacker can send null data through the resource creation interface, causing a null pointer dereference that affects all subsequent operations requiring authentication, leading to denial of service and service restart fai...