5 matches found
CVE-2026-43877
CVE-2026-43877 (WWBN/AVideo) : CSRF in objects/userSavePhoto.php allows a logged‑in user’s profile photo to be overwritten with arbitrary bytes via a crafted cross‑origin POST, due to missing CSRF protection (the endpoint does not use the .json.php suffix and is excluded from autoCSRFGuard), no t...
SUSE CVE-2020-14694
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Orac...
PT-2021-18628 · Friendica · Friendica
Name of the Vulnerable Software and Affected Versions: Friendica versions through 2021.01 Description: The issue allows the settings/userexport feature to be accessed by anonymous users, potentially leading to excessive memory consumption and attempted access to an array offset on a value of type...
PT-2020-11213 · Siemens · Scalance S612 +3
Name of the Vulnerable Software and Affected Versions: SCALANCE S602 versions 3.0 through 4.0 SCALANCE S612 versions 3.0 through 4.0 SCALANCE S623 versions 3.0 through 4.0 SCALANCE S627-2M versions 3.0 through 4.0 Description: A security issue has been identified that could allow Cross-Site...
PT-2017-17615 · Cmsms · Cms Made Simple
Name of the Vulnerable Software and Affected Versions: CMS Made Simple CMSMS version 2.1.6 Description: A security issue exists in the "Content--News--Add Article" feature of the software, where an attacker can exploit the m1 summary parameter to conduct a cross-site scripting XSS attack. This...