29 matches found
CVE-2026-11998 AngularJS XSS via SCE resource URL sanitization bypass
A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...
CVE-2026-11998
CVE-2026-11998 affects AngularJS SCE (Strict Contextual Escaping) resource URLs. The flaw stems from the URL-matching logic using regular expressions, which can yield partial matches and bypass SCE policies, allowing unsafe values as resource URLs and potentially arbitrary JavaScript execution wi...
CVE-2025-47385 Improper Access Control for Register Interface in SCE-Mink
Memory Corruption when accessing trusted execution environment without proper privilege check...
CVE-2025-47385
CVE-2025-47385 involves memory corruption when accessing the Trusted Execution Environment (TEE) via the SCE-Mink register interface, due to improper privilege checks. Connected CVE records corroborate an improper access-control issue in the SCE-Mink component, with CVSSv3.1 score 7.8 (HIGH): loc...
CVE-2024-34520
An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' feature, by bypassing client-side access controls...
CVE-2025-27074 Incorrect Calculation of Buffer Size in SCE-Mink
Memory corruption while processing a GP command response...
PT-2025-44923
Name of the Vulnerable Software and Affected Versions SCE-Mink affected versions not specified Description A memory corruption issue exists when processing a GP command response. The root cause is an incorrect calculation of the buffer size. There is no information available regarding the number ...
EUVD-2022-29536
Malicious code in bioql PyPI...
EUVD-2025-4577
Malicious code in bioql PyPI...
CVE-2022-24661
A vulnerability has been identified in Simcenter STAR-CCM+ Viewer All versions V2022.1. The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. This could allow an attacker to execute code in the context of the current process...
CVE-2024-34521
A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an administrative user to access system files with the file permissions of the privileged system user running the application...
CVE-2024-34521
A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an administrative user to access system files with the file permissions of the privileged system user running the application...
CVE-2024-34520
An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' feature, by bypassing client-side access controls...
CVE-2024-34520
An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' feature, by bypassing client-side access controls...
CVE-2024-34521
A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an administrative user to access system files with the file permissions of the privileged system user running the application...
CVE-2024-34521
The CVE-2024-34521 entry describes a directory traversal vulnerability in the Mavenir SCE Application Provisioning Portal (PORTAL-LBS-R_1_0_24_0). The underlying issue allows an administrative user to access system files using the privileges of the running application process. Affected component ...
CVE-2024-34520
An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' feature, by bypassing client-side access controls...
CVE-2024-34520
The CVE-2024-34520 issue affects the Mavenir SCE Application Provisioning Portal (PORTAL-LBS-R_1_0_24_0). The vulnerability is an authorization bypass in which an authenticated guest can perform unauthorized administrative actions (e.g., access to the create/add user functionality) by bypassing c...
CVE-2024-34521
A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an administrative user to access system files with the file permissions of the privileged system user running the application...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a post-release reuse issue contained in the SCE-Mink component...