CVE-2025-10184 OnePlus OxygenOS Telephony provider permission bypass

The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information...

BIT-MOODLE-2024-34007 moodle: logout CSRF in admin/tool/mfa/auth.php

The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF...