Browse all 3 CVE security advisories affecting VaeMendis. AI-powered Chinese analysis, POCs, and references for each vulnerability.
VaeMendis develops enterprise vulnerability management solutions focused on automated threat detection and remediation prioritization. Historically, the platform has been associated with remote code execution, cross-site scripting, and privilege escalation vulnerabilities, primarily stemming from input validation flaws and improper access controls. While no major public security incidents have been documented, the three CVEs on record highlight consistent issues with sanitization of user-supplied data and insufficient session management. The product's architecture emphasizes integration with existing security stacks but has demonstrated recurring patterns in how it handles authenticated API endpoints and web form processing, suggesting areas for improvement in secure coding practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-47915 | VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor — VaeMendis Ubooquity version 2.1.2CWE-200 | 7.5 | High | 2024-11-14 |
| CVE-2024-47914 | VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF) — VaeMendis Ubooquity version 2.1.2CWE-352 | 4.5 | Medium | 2024-11-14 |
| CVE-2024-45254 | VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — VaeMendis Ubooquity version 2.1.2CWE-79 | 7.5 | High | 2024-11-14 |
This page lists every published CVE security advisory associated with VaeMendis. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.