14 matches found
Code-Projects Contact Management System Authorization Issue Vulnerability
Code-Projects Contact Management System is an open-source contact management system developed by Code-Projects. Version 1.0 of the Code-Projects Contact Management System has a vulnerability related to authorization issues. This vulnerability stems from incorrect handling of parameter IDs, which...
CVE-2019-18619
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave that can compromise confidentiality of enclave data via APIs that accept invalid pointers...
favorites-web Code Issue Vulnerability
favorites-web (cloudfavorites) is an open source website built with Spring Boot. A code issue vulnerability exists in favorites-web version 1.3.0 and earlier, which stems from an incorrect manipulation of the parameter url resulting in a server-side request forgery...
Tmall_demo Code Issue Vulnerability
Tmall_demo is a Spring Boot-based mini Tmall by the Xianqi Mall projectteam team. A code issue vulnerability exists in Tmall_demo 20250505 and earlier versions, which stems from the incorrect operation of the parameter File in the file tmall/admin/uploadProductImage, resulting in unlimited uploads...
Sixun Shanghui Business Management System Security Vulnerability
Sixun Shanghui Business Management System is a group business management system from Sixun, a Chinese company. A security vulnerability exists in Sixun Shanghui Business Management System version 7, which stems from an incorrect operation of the parameter OperId that can lead to improper...
Nipah Virus Testing Management System Security Vulnerability
Nipah Virus Testing Management System is an online virus diagnostic platform. A security vulnerability exists in version 1.0 of the PHPGurukul Nipah Virus Testing Management System, which stems from an incorrect manipulation of the parameter empid that can lead to SQL injection...
Incorrect parameter for getCallerReward might return 0 reward despite insolvency
Lines of code Vulnerability details Impact The calculation of the caller reward uses an incorrect value. If the exchangeRate remains the same but a lot of interest accrues, then there will be no liquidation reward. Without a liquidation reward, borrowing positions will not get liquidated and incur...
Incorrect parameter in withdraw function
Lines of code Vulnerability details Impact An incorrect parameter is used in the withdraw function in SfrxEth.sol. The amount variable is used when the frxEthBalance variable should be used to calculate minOut. The amount that gets swapped at the FRXETHCRVPOOLADDRESS is the frxEthBalance, not the...
CVE-2022-39354 evm has incorrect is_static parameter for custom stateful precompiles
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the is_static parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
CVE-2020-25268
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data...
Command injection
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...
Design/Logic Flaw
sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or...
CVE-2013-1224
CVE-2013-1224 affects Cisco Unified CVP (Resource Manager) prior to 9.0.1 ES 11. A directory traversal flaw allows remote attackers to overwrite arbitrary files by sending crafted HTTP or HTTPS requests that bypass parameter validation (Bug CSCub38369). The issue is tied to the Resource Manager c...
CVE-2005-0951
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate was created as a result of an analysis error for a researcher advisory for an issue that already existed. It stated an incorrect parameter, which was not part of the vulnerability at all. Notes: CVE users...