49 matches found
EUVD-2025-6860
Malicious code in bioql PyPI...
EUVD-2024-43903
Malicious code in bioql PyPI...
EUVD-2023-37323
Malicious code in bioql PyPI...
Advisory ROSA-SA-2025-2940
Software: exfatprogs 1.2.9 OS: ROSA-CHROME unaffected versions = exfatprogs-1.2.9-1 affected versions exfatprogs-1.2.9-1 CVE-ID: CVE-2023-45897 BDU-ID: 2024-03156 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the readfiledentryset function of the exfatprogs user-space utility is related to readi...
PT-2025-24579 · Amd · Amd Versal Adaptive Soc
Name of the Vulnerable Software and Affected Versions: AMD Versal Adaptive SoC devices affected versions not specified Description: The issue arises from the incorrect configuration of the Secure Stream Switch SSS during runtime, specifically after the system has booted, which could cause data to...
CVE-2025-46722 vLLM has a Weakness in MultiModalHasher Image Hashing Implementation
vLLM is an inference and serving engine for large language models LLMs. In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image...
CVE-2024-28167
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization...
CVE-2022-48287
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity...
CVE-2021-36751
ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation without knowledge of the key. This is called ciphertext malleability. There is no data integrity mechanism to detect this manipulation...
CVE-2025-31327 OData meta-data property entity tampering in SAP Field Logistics
SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability are not impacted...
CVE-2024-11301
In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same slug as an existing evaluator...
CVE-2024-11301
CVE-2024-11301 affects lunary-ai/lunary prior to 1.6.3. The issue is the absence of a unique constraint on the combination of projectId and slug when creating evaluators, allowing an attacker to overwrite an existing evaluator by submitting a POST with the same slug. This leads to data integrity ...
CVE-2024-11301 Improper Enforcement of Unique Constraint in lunary-ai/lunary
In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same slug as an existing evaluator...
Linux Distros Unpatched Vulnerability : CVE-2022-28199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA's distribution of the Data Plane Development Kit MLNXDPDK contains a vulnerability in the network stack, where error recovery is not handled properly,...
DEBIAN-CVE-2024-45781
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...
Advisory ROSA-SA-2025-2655
Software: webkit4 2.44.1 OS: ROSA-CHROME packageevrstring: webkit4-2.44.1-1 CVE-ID: CVE-2023-28198 BDU-ID: 2023-04538 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the macOS operating system WebKit web page display module is associated with a post-release exploit error. Exploitation of the...
Moderate: Red Hat Security Advisory: bzip2 security and bug fix update
An update for bzip2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
ALSA-2025:0733 Moderate: bzip2 security update
The bzip2 packages contain a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. Security Fixes: bzip2: bzip2: Data integrity error when decompressing with data integrity test...
ROS-20241220-01
A vulnerability in the password verification function of the PHP programming language is related to insufficient calculation of the password hash. password hash. Exploitation of the vulnerability allows an attacker to affect data integrity...
Lack of unique constraint validation allows overwriting evaluators
Description The application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same slug as an existing evaluator. Since the backend lacks databa...