Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

valeapp

Source -

ADPNVD

CNA CVEs -

0

ADP CVEs -

5

CISA CVEs -

0

NVD CVEs -

5
Related CVEsRelated VendorsRelated AssignersReports
5Vulnerabilities found
CVE-2024-8607
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.7||HIGH
EPSS-0.08% / 24.17%
||
7 Day CHG~0.00%
Published-27 Sep, 2024 | 12:04
Updated-02 Jun, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQLi in Oceanic Software's ValeApp

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection. This issue affects ValeApp: before v2.0.0.

Action-Not Available
Vendor-oceanicsoftOceanic Softwareoceanicsoft
Product-valeappValeAppvaleapp
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-8608
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-7.2||HIGH
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-27 Sep, 2024 | 12:00
Updated-02 Jun, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS in Oceanic Software's ValeApp

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS. This issue affects ValeApp: before v2.0.0.

Action-Not Available
Vendor-oceanicsoftOceanic Softwareoceanicsoft
Product-valeappValeAppvaleapp
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-8609
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-27 Sep, 2024 | 11:55
Updated-02 Jun, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Oceanic Software's ValeApp

Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information. This issue affects ValeApp: before v2.0.0.

Action-Not Available
Vendor-oceanicsoftOceanic Softwareoceanicsoft
Product-valeappValeAppvaleapp
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-8643
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.3||CRITICAL
EPSS-0.25% / 48.12%
||
7 Day CHG~0.00%
Published-27 Sep, 2024 | 11:53
Updated-02 Jun, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Session Hijacking in Oceanic Software's ValeApp

Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. This issue affects ValeApp: before v2.0.0.

Action-Not Available
Vendor-oceanicsoftOceanic Softwareoceanicsoft
Product-valeappValeAppvaleapp
CWE ID-CWE-384
Session Fixation
CVE-2024-8644
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.3||CRITICAL
EPSS-0.12% / 31.00%
||
7 Day CHG~0.00%
Published-27 Sep, 2024 | 11:48
Updated-02 Jun, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext Storage of Sensitive Information in Oceanic Software's ValeApp

Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: before v2.0.0.

Action-Not Available
Vendor-oceanicsoftOceanic Softwareoceanicsoft
Product-valeappValeAppvaleapp
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-315
Cleartext Storage of Sensitive Information in a Cookie