112 matches found

CVE
added 2025/01/29 12:0 a.m. | 49 views

CVE-2024-54851

CVE-2024-54851 affects Teedy up to version 1.12, where CSRF protection is lacking, enabling CSRF attacks as described in multiple sources (CVSSv3.1: 8.8, HIGH). The vulnerability concerns the web UI flow and request handling, with no explicit exploitation details in the provided documents. Red Ha...

CVSS 8.8 | AI score 8.8 | EPSS 0.00038
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2024/12/16 12:0 a.m. | 1 views

Chunghwa Telecom TenderDocTransfer security vulnerability

Chunghwa Telecom TenderDocTransfer is an application from Chunghwa Telecom China. A security vulnerability exists in Chunghwa Telecom TenderDocTransfer, which stems from the presence of arbitrary file writes and lack of CSRF protection, as well as a relative path traversal vulnerability in the AP...

CVSS 8.1 | AI score 6.9 | EPSS 0.00655
Exploits: 0 | References: 2

RedHat Linux
added 2024/11/12 9:11 a.m. | 2 views

kernel: drm/client: Fully protect modes[] with dev->mode_config.mutex

A flaw in the Linux kernel's Direct Rendering Manager (DRM) client could cause system instability. The problem occurs because the modes array, used to store display mode pointers, wasn’t adequately protected by a mutex lock. This allows the array to reference memory that has already been freed or...

CVSS 5.5 | AI score 6.8 | EPSS 0.00011
Exploits: 0 | References: 5

BDU FSTEC
added 2024/08/01 12:0 a.m. | 1 views

The vulnerability of Brother DCP-7065DN printer’s firmware arises from the lack of measures taken to protect the website structure. This allows attackers to execute arbitrary code by sending a special GET request with the “id” parameter.

The vulnerability of Brother DCP-7065DN printer’s firmware exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by generating a special GET request with the ‘id’ parameter...

CVSS 6.4 | AI score 6
Exploits: 0 | Affected Software: 1

BDU FSTEC
added 2024/07/12 12:0 a.m. | 1 views

The vulnerability of the firmware of the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME lies in buffer overflows on the stack, allowing intruders to execute arbitrary code.

The vulnerability of the firmware in biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME stems from buffer overflows in the stack due to the absence of protection mechanisms like Canary and PIE. Exploiting this vulnerability allows an attacker operating...

CVSS 10 | AI score 6.4 | EPSS 0.00589
Exploits: 0 | References: 4

OSV
added 2024/06/28 8:15 p.m. | 1 views

CVE-2024-5712

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This vulnerability allows attackers to perform unauthorized actions in the context of a victim's browser, such as deleting projects or changing application settings,...

CVSS 8.1 | AI score 7.3
Exploits: 0 | References: 1

CNNVD
added 2024/04/22 12:0 a.m. | 3 views

Tcl security vulnerability

Tcl is a freely available open source package. It provides a powerful platform for creating integrated applications that tie together various applications, protocols, devices and frameworks. A security vulnerability exists in TCL 30Z, TCL 10 that stems from the fact that certain software version...

CVSS 7.8 | AI score 6.8 | EPSS 0.00065
Exploits: 0 | References: 2

BDU FSTEC
added 2024/03/18 12:0 a.m. | 1 views

The vulnerability of cloud-based data storage software for IBM Watson CP4D Data Stores lies in the lack of encryption measures for protected data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of cloud-based data storage software for IBM Watson CP4D Data Stores lies in the lack of encryption measures for protected data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 6.1 | AI score 5.5 | EPSS 0.00031
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2024/03/14 12:0 a.m. | 1 views

The vulnerability of the cloud platform for protecting applications from unauthorized users and Cisco Duo devices for Windows lies in the lack of protection for service data, allowing an intruder to disclose the protected information.

The vulnerability of the cloud platform for protecting applications from unauthorized users and Cisco Duo devices for Windows is related to the lack of protection for sensitive data. Exploiting this vulnerability could allow a hacker to disclose the protected information...

CVSS 4.4 | AI score 5.5 | EPSS 0.00018
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2023/10/25 12:0 a.m. | 1 views

The vulnerability of the Connectize G6 AC2100 router’s firmware lies in the lack of protective measures for the website structure, allowing attackers to alter the Wi-Fi password.

The vulnerability of the Connectize G6 AC2100 router’s firmware is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to change the Wi-Fi password remotely...

CVSS 4.7 | AI score 6.3 | EPSS 0.0012
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2023/05/26 9:15 p.m. | 2 views

AZL-26809 CVE-2023-28320 affecting package mysql for versions less than 8.0.34-1

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...

CVSS 5.9 | AI score 6.8 | EPSS 0.00641
Exploits: 1 | References: 1

OSV
added 2023/03/27 4:15 p.m. | 2 views

CVE-2023-0504

The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

CVSS 4.3 | AI score 6.6 | EPSS 0.00106
Exploits: 2 | References: 1

CNNVD
added 2023/01/10 12:0 a.m. | 3 views

EasyVista security vulnerability

EasyVista is an application from EasyVista, Inc. that creates digital experiences that help organizations work smarter, faster, and better automatically. A security vulnerability exists in EasyVista version 2020.2.125.3, which stems from the fact that some applications do not implement protection...

CVSS 8.2 | AI score 7.3 | EPSS 0.00329
Exploits: 0 | References: 2

CNNVD
added 2023/01/10 12:0 a.m. | 1 views

ecto security vulnerability

ecto is an elixir-ecto open source toolkit for data mapping and language integration queries. A security vulnerability exists in ecto version 2.2.0, which stems from the lack of some kind of protection mechanism...

CVSS 9.8 | AI score 8.3 | EPSS 0.00601
Exploits: 1 | References: 5

BDU FSTEC
added 2022/10/20 12:0 a.m. | 1 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to execute arbitrary code or gain unauthorized access to protected information.

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or gain unauthorized access to...

CVSS 5.5 | AI score 6 | EPSS 0.00196
Exploits: 0 | References: 2

BDU FSTEC
added 2022/09/19 12:0 a.m. | 2 views

The vulnerability of the WPE WebKit web page rendering module, related to the lack of measures taken to protect the structure of the web page, allows attackers to access confidential data.

The vulnerability of the WPE WebKit web page rendering module is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...

CVSS 4.7 | AI score 6.1 | EPSS 0.0028
Exploits: 0 | References: 8 | Affected Software: 5

OSV
added 2022/09/06 7:15 p.m. | 1 views

CVE-2022-36670

PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable...

CVSS 6.7 | AI score 5.8 | EPSS 0.00048
Exploits: 1 | References: 1

ATTACKERKB
added 2022/09/06 7:15 p.m. | 0 views

CVE-2022-36670

PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable...

CVSS 6.7 | AI score 6.7 | EPSS 0.00048
Exploits: 1 | References: 2

ATTACKERKB
added 2022/06/13 1:15 p.m. | 2 views

CVE-2022-1612

The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVSS 6.5 | AI score 6.6 | EPSS 0.00103
Exploits: 2 | References: 2

ATTACKERKB
added 2022/04/04 4:15 p.m. | 3 views

CVE-2022-0830

The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put...

CVSS 6.5 | AI score 6.7 | EPSS 0.00103
Exploits: 2 | References: 2