18 matches found
CVE-2026-49203
Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...
CVE-2026-49203
Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...
EUVD-2026-34214
Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...
CVE-2026-49203
The CVE-2026-49203 entry concerns crucial management API endpoints for cellular eSIM allocation that do not validate caller authorization, enabling remote profiles to be rewritten or deleted. Affected behavior: unauthorized caller can modify eSIM profiles via management APIs. Root cause: missing ...
CVE-2026-49203
Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...
PT-2026-46154
Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...
Google to Shut Down Dark Web Monitoring Tool in February 2026
Google has announced that it's discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal information is found on the dark web. To that end, scans for new dark web breaches will be stopped on January 15, 2026,...
EUVD-2018-8250
Malware in sbrugna...
EUVD-2022-42724
Malicious code in bioql PyPI...
CVE-2022-3337
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/lock-warp-switch) feature being enabled on Zero Trust Platform. This led to...
CVE-2024-9531 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvxsentdeactivationrequest' function in all versions up to, and including, 4.2.4. This makes it possible f...
WordPress MultiVendorX plugin <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending vulnerability
Missing Authorization to Forged Vendor Profile Deletion Email Sending vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin MultiVendorX versions <= 4.2.4...
Syncovery For Linux Web-GUI Authenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'json' class MetasploitModule 'Syncovery For Linux Web-GUI Authenticated Remote Command Execution', 'Description' = %q This module exploits an authenticated...
Cross-Site Request Forgery (CSRF) in pkp/omp
✍️ Description: An attacker or malicious user is able to delete any user's profile photo if a logged-in user visits the attacker's website, because of the lack of a CSRF token. 🕵️‍♂️ Proof of Concept: 1. When you are logged in, open this POC.html in a browser. 2. You can check that your profile photo was unintentionally deleted...
File.com Fat Client Code Issue Vulnerability
File.com Fat Client is a fat client application from US-based File.com. A code issue vulnerability exists in Files.com Fat Client 3.3.6 that allows bypassing authentication because the client still has access after logging out and deleting the login profile...
SQL injection
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php...
CVE-2018-16410
CVE-2018-16410 affects Vanilla before 2.6.1 and allows SQL injection via an invitationID array to /profile/deleteInvitation. The vulnerability relates to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. According to CVSS, ...
DigitalSellz: USER Account is not being deleted after user "Delete Account" from DASHBOARD
Hello, there is an option on the DigitalSellz USER DASHBOARD called "Delete Account" https://www.digitalsellz.com/user//profile I tried to use this feature; I deleted my account with two simple clicks. Then I visited my Public Profile link https://www.digitalsellz.com/publicprofile/PROFILE ID or...