CVE-2025-30143
Rule 3000216 before version 2 in Akamai App & API Protector with Akamai ASE before 2024-12-10 does not properly consider JavaScript variable assignment to built-in functions and properties...
The vulnerability of the Fluent Bit logging collection and processing tool, related to the swapping of the null pointer, allows a malicious actor to trigger a service failure.
The vulnerability of the Fluent Bit logging and processing tool is related to the assignment of the null pointer. Exploiting this vulnerability can allow a malicious actor to cause a service failure through a specially crafted HTTP request...
CVE-2025-25620
Unifiedtransform 2.0 is vulnerable to Cross-Site Scripting (XSS) in the Create assignment function...
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS. When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...
GHSA-RP28-MVQ3-WF8J Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS. When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...
CVE-2025-2304
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS. When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...
CVE-2025-2304 Camaleon CMS Privilege Escalation
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS. When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...
CVE-2025-21854
In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected. sockmap expects all vsocks to have a transport assigned, which is expressed in vsockproto::psockupdateskprot. However, there is an edge case where an unconnected...
CamaleonCMS Security Vulnerability
CamaleonCMS is an advanced dynamic content management system (CMS) based on Ruby on Rails by the CamaleonCMS team. A security vulnerability exists in CamaleonCMS that stems from a mass assignment that could lead to elevation of privilege...
PT-2025-11259
Name of the Vulnerable Software and Affected Versions: Camaleon CMS (affected versions not specified). Description: Privilege escalation is possible through mass assignment, a condition where an application takes user-provided data and binds it to an internal object without proper filtering. This occu...
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS. When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...
vsock/bpf: return early if transport is not assigned
...
Siemens SCALANCE X-200RNA Switch Devices Incorrect Permission Assignment for Critical Resource (CVE-2017-15906)
The processopen function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
The vulnerability of Zoom video conferencing software, related to improper assignment of ownership rights, allows a violator to disclose protected information.
The vulnerability of Zoom video conferencing software is related to the improper assignment of ownership rights. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
CVE-2025-21854
In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected. sockmap expects all vsocks to have a transport assigned, which is expressed in vsockproto::psockupdateskprot. However, there is an edge case where an unconnected...
CVE-2025-21854
The CVE-2025-21854 issue affects the Linux kernel sockmap/vsock path. It occurs when a connectible (unconnected) vsock may lose its prior transport, potentially causing a NULL dereference in the BPF recv path and a crash when a listening vsock is present in a sockmap. The root cause is that sockm...
CVE-2025-21854 sockmap, vsock: For connectible sockets allow only connected
In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected. sockmap expects all vsocks to have a transport assigned, which is expressed in vsockproto::psockupdateskprot. However, there is an edge case where an unconnected...
CVE-2025-25620
Unifiedtransform 2.0 is vulnerable to Cross-Site Scripting (XSS) in the Create assignment function...