ladybirdweb CVE Vulnerabilities & Metrics

Focus on ladybirdweb vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About ladybirdweb Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with ladybirdweb. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total ladybirdweb CVEs: 5
Earliest CVE date: 06 Apr 2017, 17:59 UTC
Latest CVE date: 01 Nov 2024, 16:15 UTC

Latest CVE reference: CVE-2024-51377

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -66.67%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -66.67%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical ladybirdweb CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.2

Max CVSS: 6.0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS ladybirdweb CVEs

These are the five CVEs with the highest CVSS scores for ladybirdweb, sorted by severity first and recency.

CVE-2017-7571 ladybirdweb Published on 06 Apr 2017, 17:59 UTC (CVSS: 6.0)
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges.
CVE-2024-51377 ladybirdweb Published on 01 Nov 2024, 16:15 UTC (CVSS: 0)
An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields
CVE-2023-1724 ladybirdweb Published on 24 Jun 2023, 01:15 UTC (CVSS: 0)
Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS.
CVE-2023-25350 ladybirdweb Published on 24 Mar 2023, 20:15 UTC (CVSS: 0)
Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login box, he has no judgment on the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection.
CVE-2023-24625 ladybirdweb Published on 24 Mar 2023, 15:15 UTC (CVSS: 0)
Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.

All CVEs for ladybirdweb

CVE-2024-51377 ladybirdweb vulnerability CVSS: 0 01 Nov 2024, 16:15 UTC

An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields

CVE-2023-1724 ladybirdweb vulnerability CVSS: 0 24 Jun 2023, 01:15 UTC

Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS.

CVE-2023-25350 ladybirdweb vulnerability CVSS: 0 24 Mar 2023, 20:15 UTC

Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login box, he has no judgment on the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection.

CVE-2023-24625 ladybirdweb vulnerability CVSS: 0 24 Mar 2023, 15:15 UTC

Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.

CVE-2017-7571 ladybirdweb vulnerability CVSS: 6.0 06 Apr 2017, 17:59 UTC

public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges.