VYPR
Vendor

Peppermint Lab

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2023-42328HigSep 18, 2023
    risk 0.57cvss 8.8epss 0.01

    An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie.

  • CVE-2023-26984HigMar 29, 2023
    risk 0.53cvss 8.1epss 0.01

    An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.

  • CVE-2024-31525HigMar 5, 2025
    risk 0.47cvss 7.2epss 0.00

    Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client…

  • CVE-2023-46864MedOct 30, 2023
    risk 0.35cvss 5.3epss 0.01

    Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.