
6654 matches found

NVD
added 2025/01/09 8:15 p.m. · 4 views

CVE-2024-13278

Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse. This issue affects Diff: from 0.0.0 before 1.8.0...

CVSS 9.1 · EPSS 0.00224
Exploits: 0 · References: 1

OSV
added 2025/01/09 8:15 p.m. · 0 views

CVE-2024-13278

Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse. This issue affects Diff: from 0.0.0 before 1.8.0...

CVSS 9.1 · AI score 5.8 · EPSS 0.00224
Exploits: 0 · References: 1

CVE
added 2025/01/09 7:31 p.m. · 46 views

CVE-2024-13278

Drupal Diff vulnerability (CVE-2024-13278) stems from an incorrect authorization check in the Diff module, enabling functionality misuse. Affected: Diff module in Drupal (versions 0.0.0 through 1.7.9; fixed in 1.8.0+). Impact: access bypass and information disclosure due to insufficient revision ...

CVSS 9.1 · AI score 6.7 · EPSS 0.00224
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/01/09 7:31 p.m. · 4 views

CVE-2024-13278 Diff - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-042

Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse. This issue affects Diff: from 0.0.0 before 1.8.0...

AI score 7 · EPSS 0.00224
Exploits: 0 · References: 1

Cvelist
added 2025/01/09 7:31 p.m. · 11 views

CVE-2024-13278 Diff - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-042

Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse. This issue affects Diff: from 0.0.0 before 1.8.0...

EPSS 0.00224
Exploits: 0 · References: 1

Cvelist
added 2025/01/09 7:27 p.m. · 8 views

CVE-2024-13274 Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038

Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse. This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5...

EPSS 0.00239
Exploits: 0 · References: 1

Vulnrichment
added 2025/01/09 7:27 p.m. · 5 views

CVE-2024-13274 Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038

Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse. This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5...

AI score 7 · EPSS 0.00239
Exploits: 0 · References: 1

CVE
added 2025/01/09 7:27 p.m. · 45 views

CVE-2024-13274

CVE-2024-13274 affects Drupal Open Social, specifically versions prior to 12.3.8 and prior to 12.4.5. The root cause is improper validation of flood control limits on the password reset form, enabling potential abuse that could lead to a Denial of Service. Public references from Drupal advisories...

CVSS 5.3 · AI score 6.7 · EPSS 0.00239
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/01/09 12:0 a.m. · 3 views

PT-2025-3832 · Unknown · Code-Projects Online Bike Rental System

Name of the Vulnerable Software and Affected Versions: code-projects Online Bike Rental System version 1.0 Description: A critical issue has been found in the Change Image Handler component, allowing for unrestricted upload. This can be exploited remotely. The issue affects some unknown...

CVSS 9.8 · AI score 7 · EPSS 0.00105
Exploits: 1 · References: 9

CNNVD
added 2025/01/08 12:0 a.m. · 2 views

Huawei HarmonyOS race condition vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A race condition vulnerability exists in the Huawei HarmonyOS Distributed Notification Module, which can be exploited by an attacker to cause...

CVSS 5.9 · AI score 6.7 · EPSS 0.00042
Exploits: 0 · References: 2

CNNVD
added 2025/01/08 12:0 a.m. · 3 views

Huawei HarmonyOS input validation error vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by attackers to cause abnormal functionality...

CVSS 7.5 · AI score 6.7 · EPSS 0.00149
Exploits: 0 · References: 2

CNNVD
added 2025/01/08 12:0 a.m. · 1 view

Huawei HarmonyOS permissions, privileges, and access control vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS Connectivity module, which can be exploited by an attacker to cause functionality anomalies...

CVSS 7.5 · AI score 6.8 · EPSS 0.00072
Exploits: 0 · References: 2

Cvelist
added 2025/01/07 10:4 p.m. · 23 views

CVE-2025-22132 WeGIA has a Cross-Site Scripting (XSS) in File Upload Field

WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute...

CVSS 8.3 · EPSS 0.00639
Exploits: 1 · References: 2

OSV
added 2025/01/07 10:4 p.m. · 8 views

CVE-2025-22132 WeGIA has a Cross-Site Scripting (XSS) in File Upload Field

WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute...

CVSS 8.3 · AI score 6.1 · EPSS 0.00639
Exploits: 1 · References: 4

OSV
added 2025/01/07 3:46 p.m. · 2 views

CVE-2025-21624 ClipBucket V5 Playlist Cover File Upload to Remote Code Execution

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...

CVSS 9.8 · AI score 6.8 · EPSS 0.32914
Exploits: 1 · References: 4

Positive Technologies
added 2025/01/07 12:0 a.m. · 1 view

PT-2025-4529 · Unknown · Ofek Nakar Virtual Bot

Name of the Vulnerable Software and Affected Versions: Ofek Nakar Virtual Bot versions n/a through 1.0.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can perform actions on behalf of a user without their knowledge,...

CVSS 7.1 · AI score 6.8 · EPSS 0.00104
Exploits: 0 · References: 3

NVD
added 2025/01/06 11:15 a.m. · 11 views

CVE-2024-45547

Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality...

CVSS 7.8 · EPSS 0.00134
Exploits: 0 · References: 1

CVE
added 2025/01/06 10:33 a.m. · 56 views

CVE-2024-45547

CVE-2024-45547 concerns memory corruption in Qualcomm chipsets triggered while processing an IOCTL from user-space to verify non-extension FIPS encryption/decryption. The CVE details indicate a local, low-privilege attack with no user interaction, but with high impact on confidentiality, integrit...

CVSS 7.8 · AI score 7.8 · EPSS 0.00134
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/01/05 4:31 p.m. · 11 views

CVE-2025-0224 Provision-ISR SH-4050A-2 server.js information disclosure

A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2LMM, SH-8100A-2LMM, SH-16200A-21U, SH-16200A-51U and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to...

CVSS 6.9 · EPSS 0.00209
Exploits: 0 · References: 4

NVD
added 2025/01/04 2:15 a.m. · 10 views

CVE-2025-22383

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific...

CVSS 4.6 · EPSS 0.00419
Exploits: 0 · References: 1