356 matches found
PT-2025-32188
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The Android Framework component contains a flaw in access control. Exploitation of this issue may allow an attacker to escalate privileges. A race condition in multiple locations may allow...
The vulnerability of the framework for working with large language models (LLMs) like LlamaIndex lies in the improper restriction on recursive references to entities in the DTD. This allows attackers to trigger a service failure.
The vulnerability of the LlamaIndex framework for working with large language models is related to an improper limitation on recursive references to entities in the DTD. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the framework for creating applications based on the combination of language models (LLMs) like LangChain arises from insufficient validation of requests at the server-side level. This allows attackers to execute an SSRF attack.
The vulnerability of the framework for creating applications based on the combination of language models LLMs like LangChain is related to insufficient validation of requests at the server-side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...
The vulnerability of the cross-platform software development framework Qt, related to a predictable initial number in the pseudorandom number generator, allows a hacker to bypass authentication.
The vulnerability of the cross-platform software development framework Qt is related to a predictable initial number in the pseudorandom number generator. Exploiting this vulnerability can allow an attacker to bypass authentication...
Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-16592)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A security vulnerability exists in Huawei HarmonyOS an...
CVE-2025-53186
Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability...
PT-2025-28121 · Huawei +1 · Emui +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A vulnerability exists in the audio framework module, allowing third-party call apps to send broadcasts without verification. Successful exploitation of this issue may affect availability...
ROS-20250703-05
A vulnerability in the cross-platform software development framework Qt is related to the fact that QAbstractOAuth in Qt Network Authorization uses only time to run PRNG Exploitation of this vulnerability could allow an attacker acting remotely to bypass authentication. of the vulnerability could...
CVE-2024-46993
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath and nativeImage.createFromBuffer functions call a function downstream that is vulnerable to a heap...
CVE-2025-49006
Wasp Web Application Specification is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation affecting only Keycloak with a specific config. Wasp currently lowercases OAuth user IDs before...
The vulnerability of the Framework component of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the Framework component in the Android operating system relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Framework component of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the Framework component in the Android operating system relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges...
CVE-2025-0324
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges...
CVE-2023-46131
Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3,...
CVE-2023-47130
Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29...
CVE-2022-43484
TERASOLUNA Global Framework 1.0.0 Public review version and TERASOLUNA Server Framework for Java Rich 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an...
CVE-2021-39770
In Framework, there is a possible disclosure of the device owner package due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid...
CVE-2021-38241
Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework...
CVE-2025-48075
Summary: The CVE-2025-48075 entry concerns the GoFiber (fiber) web framework. Starting in versions 2.52.6 and earlier than 2.52.7, fiber.Ctx.BodyParser can map flat data to nested slices using key[idx]value syntax; if idx is negative, it panics instead of returning an error, potentially causing d...
CVE-2020-14531
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM component: SWSE Server. Supported versions that are affected are 20.6 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful...