27 matches found
CVE-2025-10778
creationtimestamp | type | source
---|---|---
2025-09-22 11:26:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lzgcfxql252m...
CVE-2025-10778 Smartstore Gift Voucher confirm race condition
A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...
CVE-2019-10778
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...
CVE-2024-10778
creationtimestamp | type | source
---|---|---
2024-11-13 02:22:09+00:00 | seen | https://infosec.exchange/users/cve/statuses/113473259352194103...
CVE-2024-10778 BuddyPress Builder for Elementor – BuddyBuilder <= 1.7.4 - Authenticated (Contributor+) Post Disclosure
The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticat...
WordPress BuddyPress Builder for Elementor – BuddyBuilder Plugin <= 1.7.4 is vulnerable to Sensitive Data Exposure
Field | Value
---|---
Software | BuddyPress Builder for Elementor – BuddyBuilder
Type | Plugin
Vulnerable versions | <= 1.7.4
Fixed in | N/A
OWASP Top 10 | A7: Identification and Authentication Failures
Classification | Sensitive Data Exposure
CVE | CVE-2024-10778
Patch priority | Low
CVSS severity | Low (4.3)
Developer | StaxWP
PSID | ...
CVE-2018-10778
creationtimestamp | type | source
---|---|---
2022-05-11 22:34:42+00:00 | seen | https://t.me/cibsecurity/42419...
CVE-2021-34085
Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872, CVE-2017-14409, and...
Critical: Red Hat Security Advisory: CloudForms 4.7.16 security, bug fix and enhancement update
An update is now available for CloudForms Management Engine 5.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2020-10778
creationtimestamp | type | source
---|---|---
2020-08-11 16:55:11+00:00 | seen | https://t.me/cibsecurity/14026...
CVE-2020-10778
CVE-2020-10778 affects Red Hat CloudForms (CFME) 4.7 and 5, where read-only widgets can be edited by removing the disabled attribute due to missing server-side validation, bypassing business logic. The issue is addressed in Red Hat Security Advisory RHSA-2020:3574 for CloudForms 4.7.16 (and relat...
CVE-2020-10778
A business logic flaw was found in Red Hat CloudForms where the read-only values of the Widgets could be altered. An attacker with low privileges could bypass server-side validation by dropping the disabled attribute from the fields...
@sap/ui5-builder-webide-extension (=1.0.1), @sersap/ui5-build-tasks (>=0.0.8 <=0.0.13) +7 more potentially affected by CVE-2019-10778 via devcert-sanscache (=0.4.6)
devcert-sanscache NPM version =0.4.6 is affected by a known vulnerability. The following packages have a transitive dependency on devcert-sanscache and may be impacted: - @sap/ui5-builder-webide-extension =1.0.1 - @sersap/ui5-build-tasks =0.0.8, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0,...
CVE-2019-10778
CVE-2019-10778 affects devcert-sanscache prior to 0.4.7. The vulnerability allows a remote attacker to execute arbitrary code or perform command injection because the user-controlled commonName is used inside an exec call without sanitization. Impact is described as remote code execution with pot...
CVE-2016-10778
creationtimestamp | type | source
---|---|---
2019-08-06 16:40:38+00:00 | seen | https://t.me/cibsecurity/5947...