154 matches found
EUVD-2007-3599
Malware in sbrugna...
EUVD-2009-0744
Malware in sbrugna...
EUVD-2024-33673
Malicious code in bioql PyPI...
EUVD-2022-39946
Malicious code in bioql PyPI...
EUVD-2023-0527
Malicious code in bioql PyPI...
CVE-2024-11136
The default TCL Camera application exposes a provider vulnerable to path traversal. A malicious application can supply a malicious URI path and delete arbitrary files from the user’s external storage...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability (CNVD-2024-37703)
Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco. Cisco Identity Services Engine has a cross-site request forgery vulnerability that can be exploited by a remote attacker to construct a malicious URI, induce a request, and can perform malicious...
Tabnabbing
passbolt/passboltapi is vulnerable to Tabnabbing. The vulnerability is due to a flaw where a user can create and share a resource with a malicious URI that, when opened by the victim using the "Open URI in a new tab" function, grants the malicious page access to the window.opener object...
Passbolt Api Tabnabbing when opening URI with menu "Open URI in a new tab"
Description: A user could create and share a resource with a malicious URI. When the victim opens it with the “Open URI in a new tab” menu function, the malicious page has access to the window.opener object. Impact of issue: The newly opened malicious page can, for example, change the window.opener.location...
IBM Cognos Analytics Forms Cross-Site Request Forgery Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). A cross-site request forgery vulnerability exists in IBM Cognos Analytics form processing, which can be exploited by a remote attacker to construct a malicious URI, entice a request, and ca...
Schneider Electric Conext ComBox Cross-Site Request Forgery Vulnerability
The Schneider Electric Conext ComBox is a communication and monitoring device from Schneider Electric France. The Schneider Electric Conext ComBox suffers from a cross-site request forgery vulnerability that can be exploited by a remote attacker to construct a malicious URI, which induces a reque...
FreeBSD : Spotipy -- Path traversal vulnerability (c3fb48cc-a2ff-11ed-8fbc-6cf0490a8c18)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the c3fb48cc-a2ff-11ed-8fbc-6cf0490a8c18 advisory. - Spotipy is a lightweight Python library for the Spotify Web API. In versions prior to 2.22.1, if a...
OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI
Impact: - An attacker providing a malicious redirect URI can cause a DoS of oauthlib's web application. - An attacker can also leverage usage of urivalidate functions, depending on where it is used. What kind of vulnerability is it? Who is impacted? Oauthlib applications using OAuth2.0 provider support or use...
CVE-2021-22984
On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving an unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM...
ELECOM WRC-300FEBK-A Cross-Site Request Forgery Vulnerability
The ELECOM WRC-300FEBK-A is a wireless access device. The ELECOM WRC-300FEBK-A suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to construct a malicious URI, bait a request, and perform a malicious operation in the context of the target user...
Elecom ELECOM WRC-300FEBK-A Cross-Site Request Forgery Vulnerability
The ELECOM WRC-300FEBK-A is a wireless access device. The ELECOM WRC-300FEBK-A suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to construct a malicious URI, bait a request, and perform a malicious operation in the context of the target user...
ismartgate PRO Cross-Site Request Forgery Vulnerability
iSmartGate is a smart garage door opener system. The ismartgate PRO suffers from a cross-site request forgery vulnerability that a remote attacker can exploit to construct a malicious URI, bait a request, and perform a malicious operation in the context of the target...
IBM BladeCenter Cross-Site Request Forgery Vulnerability (CNVD-2020-52190)
IBM Blade Center is an IBM server management program. IBM Blade Center suffers from a cross-site request forgery vulnerability that can be exploited by a remote attacker to construct a malicious URI, bait a request, and can be used to perform a malicious operation in the context of the target use...
IBM BladeCenter Cross-Site Request Forgery Vulnerability
IBM Blade Center is an IBM server management program. IBM Blade Center suffers from a cross-site request forgery vulnerability that can be exploited by a remote attacker to construct a malicious URI, bait a request, and can be used to perform a malicious operation in the context of the target use...
Open Redirection
Cloudfoundry UAA is vulnerable to open redirection. The redirect URI is not properly validated to filter wildcard characters, allowing a remote unauthenticated user to enter a malicious URI to get a UAA access code...