Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-50704 | 1 Uniguest | 1 Tripleplay | 2025-05-28 | N/A | 10.0 CRITICAL |
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. | |||||
CVE-2024-50707 | 1 Uniguest | 1 Tripleplay | 2025-05-28 | N/A | 10.0 CRITICAL |
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request. | |||||
CVE-2024-50706 | 1 Uniguest | 1 Tripleplay | 2025-05-28 | N/A | 9.8 CRITICAL |
Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database. | |||||
CVE-2024-50705 | 1 Uniguest | 1 Tripleplay | 2025-05-21 | N/A | 7.1 HIGH |
Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter. | |||||
CVE-2023-26599 | 1 Uniguest | 1 Tripleplay | 2025-02-05 | N/A | 6.1 MEDIUM |
XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link. | |||||
CVE-2023-25760 | 1 Uniguest | 1 Tripleplay | 2025-02-05 | N/A | 8.8 HIGH |
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload | |||||
CVE-2023-25759 | 1 Uniguest | 1 Tripleplay | 2025-02-05 | N/A | 5.4 MEDIUM |
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload. |