51 matches found
EUVD-2026-37217
In PostWipeData of recoveryui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0134
In PostWipeData of recoveryui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0134
CVE-2026-0134 describes a data persistence issue in PostWipeData within recovery_ui.cpp, exposing local information after a factory reset due to a logic error. Impact is information disclosure with no additional privileges required and no user interaction needed. The available documents do not sp...
CVE-2026-0134
In PostWipeData of recoveryui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-49793
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A logic error in the PostWipeData function of recovery ui.cpp may cause data persistence after a factory reset. This issue allows for local information disclosur...
free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence
Summary The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative |.+. This causes the validation logic to accept any non-empty string rather than restricting input ...
GHSA-6GXQ-GPR8-XGJP free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence
Summary The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative |.+. This causes the validation logic to accept any non-empty string rather than restricting input ...
PUB-A-438759342
In PostWipeData of recoveryui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
DataPersistence-Sung-UnPARK-17039326
No d...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the issue of tagging the “gcing” flag on the page during block migration. It is necessary to add the missing “gcing” flag on the page during block migration, in order to ensure that the migrated data is persisted duri...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper synchronization operations. This vulnerability may cause file systems that do not...
cross-site-scripting-lab
XSS Lab Documentation Overview What Is Cross-Site Scr...
CVE-2026-27953
ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...
CVE-2026-27953
ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...
ormar 安全漏洞
ORMar is a Python ORM library developed by Collerek’s individual developers. Versions of Ormar prior to 0.23.0 contain security vulnerabilities. These vulnerabilities stem from Pydantic validation bypasses in the model constructor. This allows unvalidated users to bypass field validations by...
CVE-2026-27189 OpenSift: Race-prone local persistence could cause state corruption/loss
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state...
OpenSift 安全漏洞
OpenSift is an open-source artificial intelligence learning assistant developed by OpenSift. Versions of OpenSift 1.1.2-alpha and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of non-atomic and insufficiently synchronized local JSON persistence processes,...
CVE-2026-25126 PolarLearn's unvalidated vote direction allows vote count manipulation
PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route POST /api/v1/forum/vote trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings e.g., "x" ...
XSS in Chat Message Leads to Account Tackover
Description The vulnerability resides in the data persistence layer of the application. The fromdict method in the AppLollmsMessage class acts as a "sink" for raw data. It retrieves the content value from an input dictionary and assigns it directly to the object without any form of sanitization o...
Use of Hard-coded Cryptographic Key
Overview org.apache.syncope.core:syncope-core-persistence-jpa is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology and released under Apache 2.0 license. Affected versions of this package are vulnerable to Use of Hard-coded...