18 matches found
Qualcomm Chipsets security vulnerabilities
Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporation. There is a security vulnerability in Qualcomm Chipsets, which stems from memory corruption when the Windows driver sends incorrect trusted application requests...
EUVD-2026-33378
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests...
[SECURITY] Fedora 42 Update: rust-reqsign-core-2.0.0-1.fc42
Signing API requests without effort...
EUVD-2017-10697
Malware in sbrugna...
CVE-2023-1749
The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to the improper verification of user permissions when accessing groups. An attacker can view unauthorized group information by crafting a malicious API request. Remediation: Upgrade...
CVE-2022-1592
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...
PT-2023-7697 · Fortinet · Fortiproxy +2
Name of the Vulnerable Software and Affected Versions: FortiProxy versions 7.2.0 through 7.2.4; FortiProxy versions 7.0.0 through 7.0.10; FortiOS versions 7.4.0; FortiOS versions 7.2.0 through 7.2.4; FortiOS versions 7.0.0 through 7.0.11; FortiOS versions 6.4.0 through 6.4.12; FortiOS versions 6.2.0...
CVE-2020-4729
IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the...
TheSpyApp access control error vulnerability
TheSpyApp is the next generation of smartphone monitoring software. TheSpyApp suffers from an Insecure Direct Object Reference (IDOR) vulnerability that arises from a backend infrastructure shared by multiple mobile device monitoring services that does not...
Huawei P30 JavaScript injection vulnerability
Huawei P30 is a smartphone from Huawei China. The Huawei P30 is vulnerable to JavaScript injection, which attackers can exploit by sending malicious application requests...
IBM WebSphere Application Server 7.0.0.x < 7.0.0.45 / 8.0.0.x < 8.0.0.15 / 8.5.x < 8.5.5.13 / 9.0.x < 9.0.0.7 Information Disclosure (CVE-2017-1681)
The IBM WebSphere Application Server running on the remote host is version 7.0.0.0 through 7.0.0.43, 8.0.0.0 prior to 8.0.0.15, 8.5.0.x prior to 8.5.5.13, or 9.0.x prior to 9.0.0.7. It is, therefore, affected by an information disclosure vulnerability due to improper handling of application...
CVE-2020-5742
Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests...
Information disclosure
IBM WebSphere Application Server IBM Liberty for Java for Bluemix 3.15 could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003...
CVE-2017-1681
IBM WebSphere Application Server IBM Liberty for Java for Bluemix 3.15 could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003...
CVE-2017-1681
IBM WebSphere Application Server IBM Liberty for Java for Bluemix 3.15 could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003...
CVE-2017-16930
The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging...
openSUSE Security Update : tor (openSUSE-2016-1526)
This update for tor updates to version 0.2.8.12 and fixes the following issues : - a hostile hidden service could cause tor clients to crash boo1016343, CVE-2016-1254 - updated fallback directory list - updated geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 Country database. - When Tor...