36 matches found
CVE-2026-43937
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5, any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose OnPostRunQuery binds Editor from the POST body and...
EUVD-2021-12416
Malware in sbrugna...
EUVD-2021-12417
Malware in sbrugna...
EUVD-2021-12366
Malware in sbrugna...
EUVD-2021-12252
Malware in sbrugna...
EUVD-2022-52575
Malicious code in bioql PyPI...
EUVD-2022-52547
Malicious code in bioql PyPI...
CVE-2021-25520
Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allow untrusted applications to execute script codes in Samsung Internet...
CVE-2021-25356
An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application...
CVE-2021-25470
An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE...
CVE-2022-30746
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API...
Design/Logic Flaw
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API...
CVE-2022-30717
Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink...
CVE-2022-30717
The CVE-2022-30717 entry concerns Samsung AR Emoji prior to SMR Jun-2022 Release 1, with an underlying issue described as an improper caller check. The vulnerability allows untrusted applications to access certain camera functions via deeplink, presenting a remote-like risk without user interacti...
PT-2022-20285 · Unknown · Smartthings
Name of the Vulnerable Software and Affected Versions: Smart Things versions prior to 1.7.85.12. Description: The issue is related to a missing caller check in Smart Things, allowing an attacker to access sensitive information remotely using the javascript interface API. Recommendations: For...
Missing access restriction on StabilityPool's receiveCollateral
Handle: kenzo. Vulnerability details: StabilityPool's receiveCollateral should only be called by ActivePool, but that check is missing. Anybody can call it and update StabilityPool's total collateral variable. Impact: Wrong amounts of total collateral in StabilityPool totalColl. As far as I can see,...