CVE-2025-50369
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying...
CVE-2025-20181
A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the...
The vulnerability of the Navigation components in Google Chrome and Microsoft Edge allows attackers to circumvent existing security restrictions.
The vulnerability of the Navigation components in Google Chrome and Microsoft Edge is related to a lack of mechanisms for verifying the source of the page. Exploiting this vulnerability allows an attacker to bypass existing security restrictions by using a specially created HTML page...
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to a lack of mechanisms for verifying the source, allows attackers to access confidential data.
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit is related to a lack of mechanisms for verifying the source of the data. Exploiting this vulnerability can allow an attacker to gain access to confidential data...
The vulnerability of the OBN component of the SAP NetWeaver Enterprise Portal software integration platform lies in the lack of authenticity verification for a critical function. This allows attackers to circumvent existing security restrictions.
The vulnerability of the OBN component in the SAP NetWeaver Enterprise Portal software integration platform is related to the lack of authenticity verification for a critical function. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions remotely...
UBUNTU-CVE-2024-55581
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate unless the using program specifies a TLS configuration...
The vulnerability of the firmware for programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi lies in the lack of origin verification in WebSockets. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the firmware for programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi is related to the lack of origin verification in WebSockets. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected...
CVE-2024-56456
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module. Impact: Successful exploitation of this vulnerability may affect availability...
PT-2025-3299 · Unknown · 3D Engine Module
Name of the Vulnerable Software and Affected Versions: 3D engine module (affected versions not specified). Description: The issue concerns the lack of verification of input parameters during the loading of glTF models in the 3D engine module. Successful exploitation of this issue may impact...
CVE-2020-9089
There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. Vulnerability ID: HWPSIRT-2019-12141 Th...
PT-2024-34682 · Unknown · Hdc Module
Name of the Vulnerable Software and Affected Versions: HDC module (affected versions not specified). Description: The issue concerns the lack of verification of input parameters in the HDC module. Successful exploitation may impact availability. Recommendations: At the moment, there is no informatio...
Traversal outside working tree enables arbitrary code execution
Summary: During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details: Although gix-worktree-state checks for collisions with existing files, it does not...
Hancom Office security vulnerability
Hancom Office is a mobile office program from the Korean company Hancom. The program supports viewing and editing documents in multiple formats. A security vulnerability exists in Hancom Office that originates from not verifying the existence of an object before performing an operation on it...
shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...
Lunary security vulnerability
lunary is a production toolkit for LLM. An insecure direct object reference vulnerability exists in lunary, which stems from an endpoint that does not validate that a supplied project ID belongs to a currently authenticated user, and can be exploited by an attacker to cause unauthorized...
PT-2024-14607 · Unknown · Vsp Driver
Name of the Vulnerable Software and Affected Versions: vsp driver (affected versions not specified). Description: The issue is related to a possible missing verification of incorrect input in the vsp driver. This could lead to a local denial of service with no additional execution privileges needed...
CVE-2024-28288
Ruijie RG-NBR700GW 10.34b12 router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise...
SUSE CVE-2018-25099
In the CryptX module before 0.062 for Perl, gcm_decrypt_verify and chacha20poly1305_decrypt_verify do not verify the tag...
UBUNTU-CVE-2018-25099
In the CryptX module before 0.062 for Perl, gcm_decrypt_verify and chacha20poly1305_decrypt_verify do not verify the tag...
USN-6678-1 libgit2 vulnerabilities
It was discovered that libgit2 mishandled equivalent filenames on NTFS partitions. If a user or automated system were tricked into cloning a specially crafted repository, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.0...