10 matches found
CVE-2026-48370
creationtimestamp| type| source ---|---|--- 2026-07-15 05:08:02+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mqnxbgcyov2a 2026-07-15 05:08:50+00:00| seen| https://mastodon.social/users/hugovalters/statuses/116922259945417226...
CVE-2025-48370
creationtimestamp| type| source ---|---|--- 2025-05-27 15:49:17+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17659 2025-05-27 15:55:21+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq62fj35jmy2...
CVE-2025-48370
CVE-2025-48370 affects the auth-js library (Supabase Auth). Before 2.69.1, functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require UUIDs for user-controlled inputs, enabling potential URL path traversal and invocation of the wrong API function. The issue ta...
CVE-2025-48370 auth-js Vulnerable to Insecure Path Routing from Malformed User Input
auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
CVE-2025-48370 auth-js Vulnerable to Insecure Path Routing from Malformed User Input
auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
CVE-2022-48370
creationtimestamp| type| source ---|---|--- 2023-05-09 07:43:31+00:00| seen| https://t.me/cibsecurity/63571...
CVE-2022-48370
In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
CVE-2022-48370
In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
CVE-2022-48370
In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...
CVE-2022-48370
CVE-2022-48370 describes a local information disclosure in the Unisoc dialer service due to a missing permission check. The vulnerability affects Unisoc chipsets’ dialer component and could allow access to sensitive data without extra execution privileges. No explicit affected version ranges or p...