11 matches found
CVE-2021-22411
There is an out-of-bounds write vulnerability in some Huawei products. The code of a module has bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad logic and cause out-of-bounds write. This may compromise the normal service...
CVE-2025-1635
Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic...
The vulnerability of Flask’s CORS storage library in Python PyPI products allows attackers to circumvent existing security restrictions.
The vulnerability of Flask’s CORS storage library in Python PyPI products is related to incorrect handling of logical operations. Exploiting this vulnerability allows an attacker to bypass existing security restrictions remotely, leading to unexpected implementation of CORS policies...
Code injection
A vulnerability was discovered in the odoh-rs Rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and...
CVE-2023-3766 Invalid Slice Split Results in Server Panic
A vulnerability was discovered in the odoh-rs Rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and...
Privilege Escalation
pimcore/pimcore is vulnerable to Privilege Escalation. The vulnerability exists due to faulty logic in the updateAction function of UserController.php, which allows a low-level user to elevate their privileges to an admin...
Authentication Bypass
phpmyfaq is vulnerable to Authentication Bypass. The vulnerability is due to a Captcha bypass which allows an attacker to send unlimited comments due to the faulty logic in the checkCaptchaCode function in fileCaptcha.php, resulting in authentication bypass...
A staker might still be able to stake after staking is over.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. A staker might still be able to stake after staking is over. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrate...
The vulnerabilities of operating systems such as iOS, iPadOS, macOS, tvOS, the browser Safari, the multimedia player iTunes, and the iCloud service allow attackers to compromise the integrity of protected information.
The vulnerabilities of operating systems such as iOS, iPadOS, macOS, tvOS, the browser Safari, the multimedia player iTunes, and the iCloud service are related to incorrect processing of logical operations. Exploiting these vulnerabilities allows a malicious actor to compromise the integrity of...
CVE-2021-22411
There is an out-of-bounds write vulnerability in some Huawei products. The code of a module has bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad logic and cause out-of-bounds write. This may compromise the normal service...
ProjectSend Security Vulnerability
ProjectSend (formerly cFTP) is a suite of self-hosted applications based on PHP and MySQL. ProjectSend before r1295 suffers from a security vulnerability that incorrectly resets passwords due to faulty business logic...