6 matches found
CVE-2024-39923
An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross-Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...
EUVD-2024-54911
Malicious code in bioql PyPI...
Issues identified on devices running Android 14 that impact restrictions set by SecureHub.
On Android 14, some admin-set UserManager restrictions may be permanently applied on reboot, preventing SecureHub from effectively un-setting those restrictions. Affected settings are in Appendix A 2. On the upgrade from Android 13 to Android 14, some admin-set UserManager restrictions may be...
CVE-2023-21495
Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allows an attacker to install KSP app when device admin is set...
[WP-H9] _swapUniswapV2 may use an improper path which can cause a loss of the majority of the rewardTokens
Lines of code Vulnerability details function harvest(uint256 minOutCurve) external onlyRole(STRATEGISTROLE) { convexConfig.baseRewardPool.getReward(address(this), true); //Prevent Stack too deep errors DexConfig memory dex = dexConfig; IERC20 memory rewardTokens = strategyConfig.rewardTokens; IERC20 weth =...
CVE-2018-16449
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html...