Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50704 | 1 Uniguest | 1 Tripleplay | 2025-05-28 | N/A | 10.0 CRITICAL |
| Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. | |||||
| CVE-2024-50707 | 1 Uniguest | 1 Tripleplay | 2025-05-28 | N/A | 10.0 CRITICAL |
| Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request. | |||||
| CVE-2024-50706 | 1 Uniguest | 1 Tripleplay | 2025-05-28 | N/A | 9.8 CRITICAL |
| Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database. | |||||
| CVE-2024-50705 | 1 Uniguest | 1 Tripleplay | 2025-05-21 | N/A | 7.1 HIGH |
| Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter. | |||||
| CVE-2023-26599 | 1 Uniguest | 1 Tripleplay | 2025-02-05 | N/A | 6.1 MEDIUM |
| XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link. | |||||
| CVE-2023-25760 | 1 Uniguest | 1 Tripleplay | 2025-02-05 | N/A | 8.8 HIGH |
| Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload | |||||
| CVE-2023-25759 | 1 Uniguest | 1 Tripleplay | 2025-02-05 | N/A | 5.4 MEDIUM |
| OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload. | |||||