CVE-2026-56422 MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields
Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...
AVTECH Room Alert Cleartext Storage of Sensitive Information (CVE-2024-33470)
When an administrator authenticates with the device and browses the settings pages, the SMTP password is loaded from the device and presented in the DOM in plaintext. When settings are saved, the SMTP credentials are sent back to the device in plain text. This allows an actor with administrative...
CVE-2022-35983
TensorFlow is an open source platform for machine learning. If Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. Th...
PT-2025-46274
Name of the Vulnerable Software and Affected Versions: WP Custom Admin Login Page Logo plugin for WordPress versions prior to 1.4.8.5. Description: The plugin is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the wpclpl save functionality. This allows...
EUVD-2022-3377
Malicious code in bioql PyPI...
CVE-2019-15570
BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters...
WordPress plugin Cookie Consent for WP security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
K14734: Apache HTTP server vulnerability CVE-2013-2249
Security Advisory Description: mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors...
GHSA-M6VP-8Q9J-WHX4 TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices`
Impact: If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack.

```python
import tensorflow as tf
filename = tf.constant("")
tensor_names = tf.constant("")
# Save
data = tf.cast(tf.random.uniform(shape=[1],...
```
GHSA-9GV2-2M38-J6CX BEdita vulnerable to SQL injection
BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters due to a lack of JSON escaping...
SQL injection
BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters...
SugarCRM (WorkFlow module) PHP Code Injection Vulnerability
SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. A PHP code...
Microsoft Office: Show OneDrive Sign In
This test checks the setting for policy. OpenVAS Vulnerability Test. $Id: office2013skydrivesignin.nasl 11843 2018-10-11 14:33:21Z emoss $. Check value for Show OneDrive Sign In. Authors: Emanuel Moss. Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net. This program is free...
CSRF vulnerability in iCMS backend
iCMS is an efficient content management system for small and medium-sized websites. A CSRF vulnerability exists in the latest version of iCMS. Because the token is not validated in the /app/admincp/account.app.php dosave operation, an attacker can modify the administrator account password by...
The vulnerability of the Microsoft Office software package, which allows a perpetrator to obtain confidential information
The vulnerability of the Microsoft Office application framework in Visual Basic relates to the export of a secret key from the certificate storage during document saving operations. Exploiting this vulnerability could allow an attacker, operating remotely, to obtain confidential information using...