CyberAlerts

CVE-2024-57587

EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlier are vulnerable to SQL Injection on the authentication portal.

Description: EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlier are vulnerable to SQL Injection on the authentication portal.

EPSS Score: 0.04%

Source: CVE

February 1st, 2025 (5 months ago)

CVE-2024-57435

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference...

Description: In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure.

EPSS Score: 0.04%

Source: CVE

February 1st, 2025 (5 months ago)

CVE-2024-57434

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super...

Description: macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator.

EPSS Score: 0.04%

Source: CVE

February 1st, 2025 (5 months ago)

CVE-2024-57433

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available...

Description: macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state.

EPSS Score: 0.04%

Source: CVE

February 1st, 2025 (5 months ago)

CVE-2024-57432

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information...

Description: macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve authentication bypass.

EPSS Score: 0.04%

Source: CVE

February 1st, 2025 (5 months ago)

CVE-2024-55062

EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlier are vulnerable to Command injection.

Description: EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlier are vulnerable to Command injection.

EPSS Score: 0.04%

Source: CVE

February 1st, 2025 (5 months ago)

CVE-2024-53584

OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter.

Description: OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter.

EPSS Score: 0.04%

Source: CVE

February 1st, 2025 (5 months ago)

CVE-2024-53582

An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal...

Description: An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request.

EPSS Score: 0.04%

Source: CVE

February 1st, 2025 (5 months ago)

CVE-2024-53537

An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager.

Description: An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager.

EPSS Score: 0.04%

Source: CVE

February 1st, 2025 (5 months ago)

CVE-2024-53357

In EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0, the AES encryption keys used to encrypt passwords are not stored securely.

Description: In EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0, the AES encryption keys used to encrypt passwords are not stored securely.

EPSS Score: 0.04%

Source: CVE

February 1st, 2025 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches: