partywave

4 exploits Active since Aug 2024
CVE-2024-42845 NOMISEC HIGH WORKING POC
InVesalius <3.1.99998 - Code Injection
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
3 stars
CVSS 8.0
CVE-2025-55816 NOMISEC MEDIUM WRITEUP
HotelDruid < 3.0.7 - Cross-Site Scripting in /modifica_app.php
HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.
CVSS 6.1
CVE-2024-42845 WRITEUP HIGH WORKING POC
InVesalius <3.1.99998 - Code Injection
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
CVSS 8.0
CVE-2024-44825 WRITEUP HIGH WORKING POC
InVesalius3 <3.1.99995 - Path Traversal
Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files unto the system via a crafted .inv3 file.
CVSS 7.5