262 matches found
CVE-2025-9696 Use of Hard-coded Credentials in SunPower PVS6
The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the...
Absolute Secure Access 安全漏洞
Absolute Secure Access is an application from Absolute, Inc. to provide Secure Service Edge SSE optimized for hybrid and mobile working models. A security vulnerability exists in versions prior to Absolute Secure Access 13.56, which stems from a privilege bypass that could result in improperly...
PT-2024-35811 · Fcnt · Fcnt Android
Name of the Vulnerable Software and Affected Versions: FCNT Android devices affected versions not specified Description: The issue concerns the exposure of security settings on FCNT Android devices when the screen is unlocked by a user and an attacker can directly operate the device. This can lea...
CVE-2024-50650
Python_book V1.0 is affected by an Incorrect Access Control vulnerability that lets an attacker obtain sensitive information of users by modifying the ID parameter. Root cause appears to be inadequate authorization for ID-based requests. Reported across multiple sources (NVD, Red Hat, CNNVD, CVE ...
How should work?
We're finally getting a way to fully style & customise elements! But there's a detail I'd like everyone's opinion on. A brief intro to customisable If you want to hear about it in depth, I talked about it on OTMT, and there's a great post by Una Kravets. But here's a whirlwind tour: / Opt in to t...
How should <selectedoption> work?
We're finally getting a way to fully style & customise elements! But there's a detail I'd like everyone's opinion on. Update: Your feedback was heard, and folks have agreed to change the behaviour here. See the update below. A brief intro to customisable If you want to hear about it in depth, I...
CVE-2024-8445 389-ds-base: server crash while modifying `userpassword` using malformed input (incomplete fix for cve-2024-2199)
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying userPassword using malformed input...
Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts
Bulletin ID: AMD-SB-7024 Potential Impact: N/A Severity: N/A Summary AMD is aware of a paper titled ‘SMaCK: Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts,’ published by researchers from Iowa State University and Google®. The research paper attempts to extend data-cache-sid...
CVE-2024-4450
CVE-2024-4450 affects AliExpress Dropshipping with AliNext Lite for WordPress. The issue is a missing capability check in several functions of ImportAjaxController.php, affecting all versions up to 3.3.5. This allows authenticated attackers with subscriber-level access and above to perform action...
CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm
A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...
K000139141: liblzma vulnerability CVE-2024-3094
Security Advisory Description Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used t...
CVE-2023-52566
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential use after free in nilfsgccachesubmitreaddata In nilfsgccachesubmitreaddata, brelsebh is called to drop the reference count of bh when the call to nilfsdattranslate fails. If the reference count hits 0 and it...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
CVE-2022-30525 Zyxel Firewall Remote Command Injection A py...
The vulnerability of the getParams method in Inductive Automation Ignition software allows a perpetrator to execute arbitrary code.
The vulnerability of the getParams method in Inductive Automation Ignition software lies in the ability to exploit or modify arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by connecting to the server...
PT-2023-23283 · Sesami · Sesami Planfocus Cpto
Name of the Vulnerable Software and Affected Versions: SESAMI planfocus CPTO Cash Point & Transport Optimizer version 6.3.8.6 718 Description: An issue was discovered in the software, allowing for XSS via the Name field when modifying a client. Recommendations: For SESAMI planfocus CPTO Cash Poin...
On repaying and taking collateral there is 2 times modifying tokenCollateral[cType][account/sourse]this lead to a problem
Lines of code Vulnerability details Impact when you are repaying your tokenCollateralcTypeaccount is modified 2 times, which leads to incorrect data Proof of Concept On calling repayAllDebtAndFreeTokenCollateral or repayDebtAndFreeTokenCollateral first you are calling modifySAFECollateralization...
Design/Logic Flaw
Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...
CVE-2023-40015 Vyper: reversed order of side effects for some operations
Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...
Fedora 38 : openvswitch (2023-7da03dc2ae)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7da03dc2ae advisory. Update for 3.1.1 2185071, includes fixes for CVE-2023-1668 2186245 Tenable has extracted the preceding description block directly from the Fedora...
RHEL 8 : openvswitch2.13 (RHSA-2023:1823)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1823 advisory. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixe...