17 matches found
CVE-2018-19924
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address...
CVE-2017-18459
cPanel before 62.0.17 allows arbitrary code execution during account modification SEC-220...
EUVD-2018-19264
Malware in sbrugna...
EUVD-2012-5512
Malware in sbrugna...
EUVD-2022-2838
Malicious code in bioql PyPI...
EUVD-2023-34941
Malicious code in bioql PyPI...
EUVD-2025-7794
Malicious code in bioql PyPI...
PT-2025-26920 · WordPress · Vg Wort Metis
Name of the Vulnerable Software and Affected Versions: VG WORT METIS plugin for WordPress versions prior to 2.0.0 Description: The issue is related to unauthorized modification of data due to a missing capability check on the gutenberg save post function. This allows authenticated attackers with...
CVE-2024-21722
The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified...
CVE-2017-18427
In cPanel before 66.0.2, weak log-file permissions can occur after account modification SEC-289...
CVE-2024-9876 Application is vulnerable to Privilege escalation
: Modification of Assumed-Immutable Data MAID vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4...
PT-2025-18314 · Opencti · Opencti
Name of the Vulnerable Software and Affected Versions: OpenCTI versions 6.4.8 through 6.4.9 Description: The issue allows a user to bypass allow/deny lists and modify attributes that are intended to be unmodifiable. This includes toggling the external flag on/off, changing the own token value for...
PT-2025-18311 · Abb · Abb Anc-L +2
Name of the Vulnerable Software and Affected Versions: ABB ANC versions 1.1.4 and earlier ABB ANC-L versions 1.1.4 and earlier ABB ANC-mini versions 1.1.4 and earlier Description: The issue is related to the modification of assumed-immutable data, referred to as MAID. This problem affects various...
Improper Access Control Vulnerability in Tenda FH1202 (CNVD-2025-07508)
The Tenda FH1202 is a wireless router from China's Tenda. An improper access control vulnerability exists in the Tenda FH1202. The vulnerability stems from an improper access control issue in the /goform/qossetting file, which could lead to unauthorized access or modification. An attacker could u...
CVE-2025-1007
CVE-2025-1007 affects OpenVSX, specifically versions v0.9.0 through v0.20.0. The vulnerability arises in the /user/namespace/{namespace}/details API (and the related /user/namespace/{namespace}/details/logo) where a non-owner/non-contributor user can edit all namespace details (name, description,...
CVE-2024-57935 RDMA/hns: Fix accessing invalid dip_ctx during destroying QP
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix accessing invalid dipctx during destroying QP If it fails to modify QP to RTR, dipctx will not be attached. And during detroying QP, the invalid dipctx pointer will be accessed...
SUSE-SU-2020:2025-1 Security update for perl-YAML-LibYAML
This update for perl-YAML-LibYAML fixes the following issues: perl-YAML-LibYAML was updated to 0.69: bsc1173703 Security fix: Add $LoadBlessed option to turn on/off loading objects: Default is set to true. Note that, the behavior is unchanged. Clarify documentation about exported functions Dump w...