5 matches found
CVE-2025-57821
CVE-2025-57821 concerns Basecamp’s Google Sign-In for Rails. Before v1.3.0, a malformed redirect URL can bypass the same-origin check, allowing redirects to an attacker-controlled origin. If Rails apps store flash data in a session cookie, this can be chained with an attack that injects arbitrary...
QSAN SANOS and QSAN XEVO Command Injection Vulnerability
QSAN SANOS and QSAN XEVO are both products of QSAN China. QSAN SANOS is a SAN storage management operating system. It comes with a refreshingly easy-to-use Web GUI and can be easily deployed to any infrastructure. QSAN XEVO is a flash data management system. It reduces repetitive tasks and provide...
PT-2020-13626 · Espressif · Esp32
Name of the Vulnerable Software and Affected Versions: ESP32 (affected versions not specified). Description: The issue concerns bypassing Secure Boot and Flash Encryption on ESP32 chips. It allows extracting decrypted flash data from a fully protected ESP32 chip using chip-level weaknesses, without...
CVE-2017-11057
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in compatibility mode, flashdata from 64-bit userspace may cause disclosure of kernel memory or a fault due to using a userspace-provided address...
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability - Mac OS X
Adobe Reader/Acrobat is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...