Approved changes feed: RSS · Atom
cpe:2.3:a:666ghj:mirofish:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | 666Ghj (6df0260a-ed6d-5971-ae6e-56001e0f5cb5) |
|---|---|
| Product | Mirofish (021f72e1-edfe-5e55-bbdd-0a368e06962a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-7059 |
vulnerable | 2026-06-03 15:27:56.114076 |
666ghj MiroFish Query Parameter simulation.py get_simulation_posts path traversal
MEDIUM (5.3)
A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. The attack can be initiated remotely. The exploit has been made public and could be used.
Published: 2026-04-26T20:00:16.618Z
Updated: 2026-04-27T13:30:46.709Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-7058 |
vulnerable | 2026-06-03 15:27:56.113706 |
666ghj MiroFish Inter-Process Communication simulation_ipc.py SimulationIPCClient.send_command command injection
HIGH (7.3)
A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send_command of the file backend/app/services/simulation_ipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-26T19:45:13.188Z
Updated: 2026-04-27T13:04:10.866Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-7042 |
vulnerable | 2026-06-03 15:27:56.094628 |
666ghj MiroFish REST API Endpoint __init__.py create_app missing authentication
HIGH (7.3)
A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-26T13:00:17.265Z
Updated: 2026-04-27T13:31:24.707Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-7041 |
vulnerable | 2026-06-03 15:27:56.094109 |
666ghj MiroFish Werkzeug Debugger PIN console information disclosure
LOW (3.7)
A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-26T12:45:12.357Z
Updated: 2026-04-27T13:10:03.077Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.