10 matches found
CVE-2026-4117 CalJ <= 1.5 - Authenticated (Subscriber+) Arbitrary Settings Modification via 'save-obtained-key' Action
The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the...
EUVD-2016-3595
Malware in sbrugna...
EUVD-2019-18873
Malware in sbrugna...
Important: nerdctl
Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...
QSIGE Security Vulnerabilities
QSIGE is an intelligent waiting management system from QSIGE, Inc. A security vulnerability exists in QSIGE that stems from omitting key control authorization, allowing an attacker to extract sensitive information from the API...
PT-2022-28100 · Unknown · Usememos/Memos
Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1. Description: The issue is related to an Authorization Bypass Through User-Controlled Key, which can lead to Improper Authentication. This allows unauthorized access, potentially compromising the security...
kernel: dereferencing NULL payload with nonzero length
A flaw was found in the implementation of associative arrays where the add_key system call and KEYCTL_UPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameter's value, an unprivileged user could trivially cause a NULL pointer...
The vulnerability of the skb_flow_dissect function in the flow_dissector.c file of the Linux operating system kernel allows an attacker to cause a service failure or execute arbitrary code.
The vulnerability of the skb_flow_dissect function in the flow_dissector.c file of the Linux kernel’s network subsystem is related to insufficient input validation. The function returns a value of true for the keycontrol protocol without setting values for n_proto, ip_proto, and thoff. Exploiting this...
Apple Can Still Read Your End-to-End Encrypted iMessages
If you are backing up your data using iCloud Backup, then you need to watch your steps NOW! In the government's fight against encryption, Apple has positioned itself as a staunch defender of its users' privacy by refusing to provide federal officials with encryption backdoors into its products. When it...
DEBIAN-CVE-2014-9529
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during...