14 matches found
EUVD-2025-0042
Malicious code in bioql PyPI...
EUVD-2022-3649
Malicious code in bioql PyPI...
CVE-2024-52813
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...
matrix-rust-sdk 安全漏洞
matrix-rust-sdk is a Matrix open source implementation of the Matrix client-server library in Rust. A security vulnerability exists in matrix-rust-sdk prior to version 0.8.0, which stems from the lack of a dedicated mechanism to notify a user of a change in cryptographic identity from verified to...
Missing facility to signal rotation of a verified cryptographic identity
Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a n...
CVE-2023-34203
In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...
CVE-2023-34203
In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...
Design/Logic Flaw
In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...
CVE-2023-34203
In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...
CVE-2023-34203
CVE-2023-34203 affects Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer). A remote user who has any OEM or OEE role can perform a URL injection attack to change identity or role membership, enabling escalation to admin. Affected versions are: OpenEdge LTS before 11.7.16; Ope...
Yii Framework Cross-Site Request Forgery (CSRF)
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity...
CVE-2014-2225
Multiple cross-site request forgery CSRF vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that 1 create a new admin user via a request to api/add/admin; 2 have unspecified impact via a request to...
Cross site request forgery (csrf)
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity...
The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity
More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...