Every CVE whose affected-product data names Macrozheng Mall-tiny, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2024-57434 — CVSS 8.8 (high): macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a…
CVE-2024-57432 — CVSS 7.5 (high): macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User…
CVE-2024-57433 — CVSS 7.5 (high): macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still…
CVE-2024-57435 — CVSS 6.5 (medium): In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer…