1024 matches found

CVE
added 2025/01/31 12:0 a.m. · 624 views

CVE-2024-57432

The CVE-2024-57432 entry concerns macrozheng mall-tiny 1.0.1 with insecure permissions due to hardcoded JWT signing keys. The JWT contains user information and is used for privilege management, enabling forging of arbitrary users’ tokens and authentication bypass. Concrete details across connecte...

7.5 CVSS · 6.6 AI score · 0.00121 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2025/01/31 12:0 a.m. · 7 views

CVE-2024-57433

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...

6.3 AI score · 0.00187 EPSS
Exploits: 1 · References: 1
CNNVD
added 2025/01/31 12:0 a.m. · 3 views

mall-tiny security vulnerability

mall-tiny is a rapid development scaffolding for macro individual developers. A security vulnerability exists in mall-tiny version 1.0.1, which stems from an insecure permissions issue that allows an attacker to forge an arbitrary user's JWT to achieve authentication bypass...

7.5 CVSS · 7 AI score · 0.00121 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2025/01/31 12:0 a.m. · 6 views

CVE-2024-57435

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure...

6.5 AI score · 0.00214 EPSS
Exploits: 1 · References: 1
CVE
added 2025/01/31 12:0 a.m. · 75 views

CVE-2024-57433

CVE-2024-57433 affects macrozheng mall-tiny 1.0.1. The vulnerability is described as Incorrect Access Control via the logout function: after logout, the user’s token remains available and can be used to fetch information in the logged-in state. This is supported by multiple feeds in connected doc...

7.5 CVSS · 6.3 AI score · 0.00187 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2025/01/31 12:0 a.m. · 2 views

mall-tiny security vulnerability

mall-tiny is a rapid development scaffolding for macro individual developers. A security vulnerability exists in mall-tiny version 1.0.1, which originates from an attacker who can send null data through the resource creation interface, triggering a denial-of-service attack and service restart...

6.5 CVSS · 6.7 AI score · 0.00214 EPSS
Exploits: 1 · References: 1
Cvelist
added 2025/01/31 12:0 a.m. · 9 views

CVE-2024-57433

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state...

0.00187 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2025/01/31 12:0 a.m. · 3 views

PT-2025-3442 · Unknown · Macrozheng Mall-Tiny

Name of the Vulnerable Software and Affected Versions: macrozheng mall-tiny version 1.0.1 Description: The issue allows an attacker to send null data through the resource creation interface, resulting in a null pointer dereference in all subsequent operations that require authentication. This...

6.5 CVSS · 7 AI score · 0.00214 EPSS
Exploits: 1 · References: 4
CVE
added 2025/01/31 12:0 a.m. · 46 views

CVE-2024-57435

CVE-2024-57435 affects macrozheng mall-tiny 1.0.1. The issue arises when an attacker can send null data through the resource creation interface, causing a null pointer dereference that affects all subsequent operations requiring authentication, leading to denial of service and service restart fai...

6.5 CVSS · 6.5 AI score · 0.00214 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2025/01/31 12:0 a.m. · 6 views

CVE-2024-57434

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator...

8.7 AI score · 0.00207 EPSS
Exploits: 1 · References: 1
OSSF Malicious Packages
added 2024/11/24 4:15 p.m. · 3 views

Malicious code in plaid-tiny-quickstart (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6583cf366a5d9b2b4b3e8aaf4960a74b8fcc1224d6d862a5947ee56570dc252 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 1
OSV
added 2024/09/17 7:37 p.m. · 11 views

RHSA-2024:4430 Red Hat Security Advisory: perl-HTTP-Tiny security update

Bulletin has no description...

8.1 CVSS · 7.5 AI score · 0.00767 EPSS
Exploits: 0 · References: 7
OSV
added 2024/09/17 7:36 p.m. · 12 views

RHSA-2024:0579 Red Hat Security Advisory: perl-HTTP-Tiny security update

Bulletin has no description...

8.1 CVSS · 7.5 AI score · 0.00767 EPSS
Exploits: 0 · References: 8
OSV
added 2024/09/17 7:36 p.m. · 11 views

RHSA-2024:0422 Red Hat Security Advisory: perl-HTTP-Tiny security update

Bulletin has no description...

8.1 CVSS · 7.5 AI score · 0.00767 EPSS
Exploits: 0 · References: 7
OSV
added 2024/09/17 7:35 p.m. · 15 views

RHSA-2023:7174 Red Hat Security Advisory: perl-HTTP-Tiny security update

Bulletin has no description...

8.1 CVSS · 7.5 AI score · 0.00767 EPSS
Exploits: 0 · References: 8
OSV
added 2024/09/17 7:35 p.m. · 13 views

RHSA-2023:6542 Red Hat Security Advisory: perl-HTTP-Tiny security update

Bulletin has no description...

8.1 CVSS · 7.5 AI score · 0.00767 EPSS
Exploits: 0 · References: 8
Tenable Nessus
added 2024/09/10 12:0 a.m. · 27 views

NewStart CGSL MAIN 6.02 : perl-HTTP-Tiny Multiple Vulnerabilities (NS-SA-2024-0058)

The remote NewStart CGSL host, running version MAIN 6.02, has perl-HTTP-Tiny packages installed that are affected by multiple vulnerabilities: - It was found that perl can load modules from the current directory if not found in the module directories, via the @INC path. A local, authenticated...

8.1 CVSS · 7.3 AI score · 0.00767 EPSS
Exploits: 0 · References: 5
Rosalinux
added 2024/08/28 8:15 a.m. · 19 views

Advisory ROSA-SA-2024-2471

software: perl 5.30.3 OS: ROSA-CHROME packageevrstring: perl-5.30.3-22 CVE-ID: CVE-2021-36770 BDU-ID: 2021-05374 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Encode.pm module of the Perl programming language interpreter is related to incorrect search path handling. Exploitation of the...

8.1 CVSS · 8.2 AI score · 0.00767 EPSS
Exploits: 0
The Hacker News
added 2024/08/22 4:13 p.m. · 37 views

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control

Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliances and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the...

6.7 CVSS · 8.2 AI score · 0.00659 EPSS
Exploits: 0
OpenVAS
added 2024/08/22 12:0 a.m. · 13 views

Huawei EulerOS: Security Advisory for perl-HTTP-Tiny (EulerOS-SA-2024-2289)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS · 7.3 AI score · 0.00767 EPSS
Exploits: 0 · References: 2