CakePHP SecurityComponent cross form submission issue
Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues...
GHSA-J9Q2-F9Q7-JHGQ CakePHP SecurityComponent cross form submission issue
Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues...
PT-2023-33038 · Unknown · Securitycomponent
Name of the Vulnerable Software and Affected Versions: Software versions prior to 2.4.8 and 1.3.18. Description: The issue allows forms secured by SecurityComponent to be submitted to any action without triggering the tampering protection. This could lead to mass assignment issues in applications...
Exploit for SQL Injection in Wordpress
SSI-CVE-2022-21661 Information System's Security 2nd Assignme...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...
PT-2025-37659
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains an issue where a process waiting for an rxrpc call could be interrupted, leading to subsequent sendmsg calls failing with an EBUSY error until an assignment is...
Incorrect Privilege Assignment
Overview: texthelpers is a package for easily fetching text and static content from your locales. Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the link function of lib/texthelpers/translation.rb. The manipulation of the link argument leads to using web links to untrusted...
The vulnerability of the imx_register_uart_clocks() function in the drivers/clk/imx/clk.c file of the Linux kernel allows a hacker to cause system failures or gain increased privileges.
The vulnerability of the imx_register_uart_clocks() function in the drivers/clk/imx/clk.c file of the Linux kernel is related to a pointer assignment error. Exploiting this vulnerability could allow an attacker to cause system failures or gain increased privileges...
The vulnerability of the SuiteLink server, related to pointer assignment errors, allows a hacker to trigger a service failure.
The vulnerability of the SuiteLink server is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor to cause service failure remotely...
Siemens Simcenter STAR-CCM+
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...
Schneider Electric APC Easy UPS Online
1. EXECUTIVE SUMMARY. CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Schneider Electric. Equipment: APC Easy UPS Online. Vulnerabilities: Missing Authentication for Critical Function, Unrestricted Upload of File with Dangerous Type, Incorrect Permission Assignment for...
CVE-2022-4264
Incorrect Privilege Assignment in M-Files Web Classic in M-Files before 22.8.11691.0 allows low privilege user to change some configuration...
CVE-2022-4264 Incorrect privilege assignment in M-Files Web Server
Incorrect Privilege Assignment in M-Files Web Classic in M-Files before 22.8.11691.0 allows low privilege user to change some configuration...
CVE-2022-4264
The CVE-2022-4264 issue affects M-Files Web (Classic) prior to 22.8.11691.0. Root cause: incorrect privilege assignment that lets a low‑privilege user change certain configurations. Impact: configuration changes by an unauthorized user; no evidence of broader compromise provided in the documents....
CVE-2021-32865
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none...