EUVD-2024-39386
Malicious code in bioql PyPI...
CVE-2025-27454
The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged-in user into submitting a web request that they did not intend. The request uses the victim's browser's saved authorization to execute the request...
CVE-2024-42000
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize the requests to /api/v4/channels which allows a User or System Manager, with "Read Groups" permission but with no access for channels to retrieve details about private channels that...
CVE-2022-35865
This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of...
A Vulnerability Disclosure Program is not just a page on a web site
It’s great to see an increasing number of organisations starting down the path of a Vulnerability Disclosure Program or ‘VDP,’ but it increasingly strikes me that these are ‘check box’ exercises rather than a genuine desire to interact positively with researchers and improve security. A VDP is a...
CVE-2019-9831
The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests...
CVE-2019-9601
The ApowerManager application through 3.1.7 for Android allows remote attackers to cause a denial of service via many simultaneous /?Key=PhoneRequestAuthorization requests...
Multiple Schneider Electric Products CGI Request Authorization Bypass Vulnerability
Schneider Electric Modicon M340 and related products are programmable logic controllers from Schneider Electric France. A security vulnerability exists in several Schneider Electric products. A remote attacker could exploit the vulnerability by sending a specially crafted request to execute arbitrary code...