CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5174 – Broken Authentication in Gliffy
https://notcve.org/view.php?id=CVE-2024-5174
24 Feb 2025 — A flaw in Gliffy results in broken authentication through the reset functionality of the application. • https://portal.perforce.com/s/detail/a91PA000001ScD3YAK • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7141 – CSRF in Gliffy
https://notcve.org/view.php?id=CVE-2024-7141
20 Feb 2025 — Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross Site Request Forgery (CSRF) flaw. • https://portal.perforce.com/s/detail/a91PA000001Sc8DYAS • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10315 – Insecure Configuration in Gliffy Online
https://notcve.org/view.php?id=CVE-2024-10315
11 Nov 2024 — In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6 In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD. • https://portal.perforce.com/s/detail/a91PA000001SZVJYA4 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •