17 matches found
Cross-site Request Forgery (CSRF)
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the admin/save.json.php process. An attacker can modify sensitive plugin configurations, such as payment processor credentials o...
CVE-2025-13781
GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations...
CVE-2025-13781 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations...
Malicious Package
Overview: multi-provider-settings is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
MAL-2025-190553 Malicious code in multi-provider-settings (npm)
Per source details. Source: amazon-inspector 35c0e8192bbd1cdf2b9909a202886ff13811a52160d937ae1c0a762a17af288b The package multi-provider-settings was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-197908
Malicious code in multi-provider-settings npm...
CVE-2024-6582
A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The saml.ts file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and...
VMware Aria Operations Security Vulnerability
VMware Aria Operations is a unified, AI-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware, Inc. A security vulnerability exists in VMware Aria Operations, which stems from the possibility that a malicious actor capable of editing a...
CVE-2023-21001
In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not neede...
CVE-2023-21001
In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not neede...
PT-2022-14768 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13. Description: A missing permission check in the launchConfigNewNetworkFragment of NetworkProviderSettings.java allows a guest user to add a new WiFi network. This could lead to local escalation of privilege with no...
CVE-2022-39339
user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account...
Design/Logic Flaw
user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account...
Cleartext Transmission of Sensitive Information in user_oidc
None...
CVE-2022-39339 Cleartext Transmission of Sensitive Information in user_oidc
user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account...
CVE-2022-20137
In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Produc...
Google Android Permissions, Privileges, and Access Controls Vulnerability
Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android has an elevation of privilege vulnerability that originates in onCreateContextMenu in NetworkProviderSettings.java. Due to a lack of privilege checking, a non-owner user could change...