Browse all 3 CVE security advisories affecting aruphash. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Aruphash is a cryptographic hashing library primarily used for secure data integrity verification and password storage. Historically, it has been associated with remote code execution vulnerabilities due to buffer overflows in input processing, cross-site scripting flaws in web implementations, and privilege escalation through insecure permission handling. The library has demonstrated inconsistent input validation and insufficient bounds checking, leading to multiple CVEs. While no major public security incidents have been documented, its recurring pattern of memory safety issues suggests potential for significant exploitation if deployed in high-privilege contexts.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-9698 | Crafthemes Demo Import <= 3.3 - Authenticated (Admin+) Arbitrary File Upload in process_uploaded_files — Crafthemes Demo ImportCWE-434 | 7.2 | High | 2024-12-14 |
| CVE-2024-3066 | Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML tags — Elegant Addons for elementorCWE-79 | 6.4 | Medium | 2024-05-22 |
| CVE-2024-5092 | Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets — Elegant Addons for elementorCWE-79 | 6.4 | Medium | 2024-05-22 |
This page lists every published CVE security advisory associated with aruphash. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.