CVE-2024-40648 `UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The `UserIdentity::is_verified` method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result retur...
`UserIdentity::is_verified` not checking verification status of own user identity while performing the check
The `UserIdentity::is_verified` method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result return a value contrary to what is implied by its name and documentation. Impact If t...
PT-2024-24277 · Ibm · Ibm Planning Analytics
Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics Local versions 2.0 through 2.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...
PT-2024-3722 · Oracle · Oracle Complex Maintenance
Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, allowing an...
Cisco Identity Services Engine Security Vulnerability
Cisco Identity Services Engine (ISE) is a context-aware identity platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. Cisco Identity Services Engine suffers from...
Emergency Ambulance Hiring Portal Cross-Site Request Forgery Vulnerability
Emergency Ambulance Hiring Portal is an emergency ambulance hiring portal. The Emergency Ambulance Hiring Portal suffers from a cross-site request forgery vulnerability that originates in the del parameter of the file /admin/manage-ambulance.php of the manage ambulance page, which does no...
PT-2024-2642 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 123.0.6312.58 Description: The issue is related to incorrect security UI in Google Chrome, allowing a remote attacker to perform UI spoofing via a crafted HTML page. This can be achieved by exploiting the...
FlyCms Cross-Site Request Forgery Vulnerability
FlyCms is an open source application by sunkaifei: a Zhihu-like, Q&A-based social network building program developed in fully open source Java. FlyCms has a cross-site request forgery vulnerability, which stems from the /system/admin/addgroupsave location not...
PT-2024-14480 · Unknown · Js & Css Script Optimizer
Name of the Vulnerable Software and Affected Versions: JS & CSS Script Optimizer versions 0.3.3 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the JS & CSS Script Optimizer. This type of issue allows an attacker to trick a user into performing unintended actions on a web...
Dreamer CMS Cross-Site Request Forgery Vulnerability (CNVD-2024-0021652)
Dreamer CMS is a dreamer content management system. A cross-site request forgery vulnerability exists in Dreamer CMS v4.1.3, which stems from the component /admin/database/backup not adequately verifying whether a request comes from a trusted user, and can be exploited by an attacker to forge a...
PT-2023-30565 · Unknown · Lukman Nakib Preloader Matrix
Name of the Vulnerable Software and Affected Versions: Lukman Nakib Preloader Matrix versions n/a through 2.0.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
PT-2023-24717 · Unknown · Groundhogg
Name of the Vulnerable Software and Affected Versions: Groundhogg versions through 2.7.11 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, which can be exploited...
PT-2023-25424 · Unknown · Sisqualwfm
Name of the Vulnerable Software and Affected Versions: sisqualWFM versions 7.1.319.103 through 7.1.319.111 Description: The issue concerns a host header injection vulnerability in the "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links...
Lack of Access Control for Critical Functions
Lines of code. Vulnerability details. Impact: Several critical functions within the Prime contract lack proper access control mechanisms. These functions handle sensitive operations, making the contract vulnerable to unauthorized access and potential exploits. Proof of Concept. Tools Used: Manual...
iCMS Cross-Site Request Forgery Vulnerability
iCMS is a software application, an efficient and simple content management system built with PHP and MySQL. A cross-site request forgery vulnerability exists in iCMS version 7.0.16, which stems from the component dosave not adequately verifying that a request comes from a trusted user. The...
miniCal Cross-Site Request Forgery Vulnerability
miniCal is an open source PMS by miniCal. miniCal version 1.0.0 has a cross-site request forgery vulnerability; attackers can exploit it to forge malicious requests and lure the victim into clicking them to perform sensitive operations...
PT-2023-12414 · Unknown · 01-Scripts 01-Artikelsystem
Name of the Vulnerable Software and Affected Versions: 01-Scripts 01-Artikelsystem affected versions not specified Description: A problematic issue has been found, affecting an unknown function of the file 01article.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross-site...
PT-2022-28133 · Unknown · Usememos/Memos
Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue is related to Cross-Site Request Forgery CSRF in the GitHub repository usememos/memos. CSRF is an attack that tricks a user into performing unintended actions on a web application...
Rdiffweb Security Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.5.5, which stems from a failure to trigger a notification for sensiti...
IBM DataPower Gateway Cross-Site Request Forgery Vulnerability
IBM DataPower Gateway is a set of security and integration platforms from IBM (USA) designed specifically for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channe...