CVE-2025-10278
A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and...
CVE-2025-10278 YunaiV ruoyi-vue-pro transfer improper authorization
A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and...
CVE-2024-10278
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects an unknown part of the file /com/esafenet/servlet/user/ReUserOrganiseService.java. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2024-10278
creationtimestamp | type | source
---|---|---
2024-10-23 15:42:58+00:00 | seen | https://t.me/cvedetector/8688...
CVE-2024-10278 ESAFENET CDG ReUserOrganiseService.java sql injection
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects an unknown part of the file /com/esafenet/servlet/user/ReUserOrganiseService.java. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2016-10278
CVE-2016-10278 is listed in the Android 2017-05-01 bulletin as a High-severity vulnerability in Qualcomm components, affecting Pixel and Pixel XL. The entry notes the issue is tied to Qualcomm internal references (QC-CR#1043004) and that a patch is not publicly available; the fix is provided only...
Insyde InsydeH2O permission and access control issues vulnerability (CNVD-2022-10278)
Insyde InsydeH2O is C source code from Insyde Software (Taiwan, China) that implements the "EFI/UEFI" specification, designed to replace the traditional BIOS (Basic Input/Output System). Operating System H2O UEFI firmware is vulnerable to permission and access control issues, which can be...
CVE-2020-10278
creationtimestamp | type | source
---|---|---
2020-06-25 07:55:31+00:00 | seen | https://t.me/cibsecurity/13022...
CVE-2020-10278
CVE-2020-10278 concerns an unprotected BIOS on Mobile Industrial Robots (MiR) systems, where the BIOS has no password protection. The root issue allows a local operator to modify BIOS settings (e.g., boot order) and potentially boot from a Live Image. The connected documentation confirms MiR prod...
CVE-2020-10278 RVD#2561: Unprotected BIOS allows user to boot from live OS image.
The BIOS onboard MiR's computer is not protected by a password; it therefore allows a Bad Operator to modify settings such as boot order. This can be leveraged by a Malicious Operator to boot from a Live Image...
CVE-2019-10278
CVE-2019-10278 affects the Jenkins jenkins-reviewbot plugin, specifically the ReviewboardDescriptor#doTestConnection form validation. The vulnerability is a cross-site request forgery (CSRF) that allows an attacker to initiate a connection to an attacker-specified server. The root cause is insuff...
Oracle Tuxedo Jolt Protocol Heap Buffer Overflow (CVE-2017-10278)
A heap buffer overflow vulnerability exists in Oracle's Tuxedo and PeopleSoft products. This vulnerability is due to a lack of length field checking in the JOLT protocol structure. A successful attack could lead to remote code execution...
CVE-2017-10278
CVE-2017-10278 is a heap overflow in Oracle Tuxedo’s Jolt protocol handling, affecting Oracle Fusion Middleware/Tuxedo components version 11.1.1, 12.1.1, 12.1.3 and 12.2.2. The underlying issue is a lack of proper length-field checks in the JOLT protocol structure, enabling an unauthenticated rem...