Vulnerability Research

CVEs (4)

• CVE-2024-48450MedOct 25, 2024
  B Hermes

  Vulnerability Research
  risk 0.42cvss 6.5epss 0.00

  An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group.

• CVE-2024-48448MedOct 25, 2024
  B Hermes

  Vulnerability Research
  risk 0.40cvss 6.1epss 0.00

  An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into the tracker comments page.

• CVE-2024-27706MedApr 3, 2024
  B Hermes

  Vulnerability Research
  risk 0.40cvss 6.1epss 0.00

  Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary code via upload of crafted SVG file to issues.

• CVE-2024-27707MedMar 7, 2024
  B Hermes

  Vulnerability Research
  risk 0.28cvss 4.3epss 0.00

  Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file.