20 matches found
CVE-2022-32477
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated...
CVE-2021-32477
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected...
CVE-2025-32477
Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord WP-Easy Menu wp-easy-menu allows Stored XSS. This issue affects WP-Easy Menu: from n/a through <= 0.41...
WordPress WP-Easy Menu plugin <= 0.41 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by johska in WordPress Plugin WP-Easy Menu versions <= 0.41...
CVE-2025-32477
Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord WP-Easy Menu wp-easy-menu allows Stored XSS. This issue affects WP-Easy Menu: from n/a through <= 0.41...
CVE-2025-32477
CVE-2025-32477 - WP-Easy Menu is a CSRF-driven vulnerability that can lead to Stored XSS in WP-Easy Menu versions up to 0.41. The CVSS 3.1 base score is 7.1 (HIGH) with attack vector Network, attack complexity Low, privileges required None, user interaction Required, and impact on confidentiality...
CVE-2025-32477 WordPress WP-Easy Menu plugin <= 0.41 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord WP-Easy Menu wp-easy-menu allows Stored XSS. This issue affects WP-Easy Menu: from n/a through <= 0.41...
CVE-2024-32477 Race condition when flushing input stream leads to permission prompt bypass
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between libc::tcflush(0, libc::TCIFLUSH) and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the...
ROS-2-471
2.471 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-1317
2.1317 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-1540
2.1540 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
CVE-2023-32477
creationtimestamp | type | source
---|---|---
2023-09-29 12:42:28+00:00 | seen | https://t.me/cibsecurity/71268...
CVE-2023-32477
Dell Common Event Enabler (module of Dell OpenManage Client Instrumentation) has an improper access control vulnerability affecting 8.9.8.2 and earlier. A local low-privileged attacker can potentially gain elevated privileges via this component. The PT-2023-6497 entry summarizes the affected vers...
CVE-2022-32477
creationtimestamp | type | source
---|---|---
2023-02-15 16:36:26+00:00 | seen | https://t.me/cibsecurity/58222...
CVE-2021-32477
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected...
CVE-2021-32477
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected...
CVE-2021-32477
CVE-2021-32477 affects Moodle 3.10.x versions up to 3.10.3. The issue is an information disclosure where the timestamp of the last mobile app access is displayed on a user’s profile page and should be restricted to users with the relevant capability (site administrators by default). The underlyin...
ROS-2-845
2.845 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-1246
2.1246 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
Moodle 3.10.x < 3.10.4 Information Disclosure Vulnerability
Moodle is prone to an information disclosure vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...