django-unicorn affected by component state manipulation via unvalidated attribute access
Summary Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modify internal attributes such as templatename or trigger protected methods. Vulnerability...
EUVD-2023-45242
Malicious code in bioql PyPI...
CVE-2019-15404
The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WWPhone/ASUSX00HD4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000020, versionName=7.0.0.4170901 that allows other...
CVE-2019-15406
The Asus ASUSX00LD3 Android device with a build fingerprint of asus/WWPhone/ASUSX00LD3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000020, versionName=7.0.0.4170901 that allows other...
PT-2025-21367 · Emlog Pro · Emlog Pro
Name of the Vulnerable Software and Affected Versions: Emlog Pro versions prior to 2.5.10 Description: The issue is related to a file upload vulnerability in the store.php component, which fails to properly validate the contents of remotely downloaded ZIP plugin files. This insufficient validatio...
PT-2025-17235 · Unknown · Prison Management System
Name of the Vulnerable Software and Affected Versions: Personal Management System version 1.4.65 Description: An issue in the Personal Management System allows a remote attacker to obtain sensitive information via the my-contacts-settings component. Recommendations: For version 1.4.65, consider...
CVE-2024-51123
An issue in Zertificon Z1 SecureMail Z1 SecureMail Gateway 4.44.2-7240-debian12 allows a remote attacker to obtain sensitive information via the /compose-pdf.xhtml?convid=id component...
PT-2025-7118 · Hooskcms · Hooskcms
Name of the Vulnerable Software and Affected Versions: hooskcms version 1.7.1 Description: The issue allows a remote attacker to obtain sensitive information through the "/install/index.php" component. This is due to a Cross Site Scripting vulnerability. Recommendations: For hooskcms version 1.7....
PT-2025-3558 · Msfm +1 · Msfm +1
Name of the Vulnerable Software and Affected Versions: MSFM versions prior to 2025.01.01 Description: A fastjson deserialization issue was found in the component system/table/add. This issue affects MSFM and can be exploited via the system/table/add component. Recommendations: For versions prior ...
PT-2024-35751 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA version 3.2.0 Description: The issue concerns multiple stored cross-site scripting XSS vulnerabilities in the /configuracao/meio pagamento.php component. Attackers can execute arbitrary web scripts or HTML via a crafted payload injected...
PT-2024-35430 · Dedebiz · Dedebiz
Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6.3.0 Description: An arbitrary file upload vulnerability in the component /admin/friendlink edit allows attackers to execute arbitrary code via uploading a crafted file. The vulnerability is located in the /admin/friendlink...
CVE-2024-37767
Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request...
PT-2024-28403 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: Gradio version 4.36.1 Description: A code injection issue was discovered in Gradio via the component /gradio/component meta.py. This issue is triggered by a crafted input. Note that the supplier disputes this report as it involves a user...
CVE-2024-29809
CVE-2024-29809 is a reflected XSS in the Photo Gallery WordPress plugin (referenced by RH CVE) where the image_url parameter in the admin-ajax.php editimage_bwg action is echoed into JavaScript in the response. This requires an authenticated user with access to the component. The Red Hat entry re...
PT-2024-20933
Name of the Vulnerable Software and Affected Versions Ignite Realtime Openfire versions 4.9.0 and earlier Ignite Realtime Openfire versions 4.8.0 and earlier Description The issue allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component or the ROOM...
PT-2024-2634 · Liblas · Liblas
Name of the Vulnerable Software and Affected Versions: libLAS version 1.8.1 Description: The issue is related to a memory leak vulnerability in the /libLAS/apps/ts2las.cpp component of the libLAS library, which is used for reading and writing geospatial data. This vulnerability can be exploited b...
PT-2023-8048 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.2 Description: The issue is related to multiple memory corruption problems that have been addressed through improved input validation. Processing a maliciously crafted file may lead to unexpected app termination or...
Privilege escalation
IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584...
PT-2019-6163 · Netty +2 · Netty +2
Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.44 Description: The issue is related to the HttpObjectDecoder.java component in Netty, which lacks a check for the presence of a colon in HTTP headers. This could lead to incorrect syntax interpretation or be seen ...
CVE-2019-5233
Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41SP2C00E41R3P2 have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components...