Lucene search
K

29 matches found

Vulnrichment
Vulnrichment
added 2026/06/24 8:29 p.m.6 views

CVE-2026-11998 AngularJS XSS via SCE resource URL sanitization bypass

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6.1AI score0.00338EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 8:29 p.m.14 views

CVE-2026-11998

CVE-2026-11998 affects AngularJS SCE (Strict Contextual Escaping) resource URLs. The flaw stems from the URL-matching logic using regular expressions, which can yield partial matches and bypass SCE policies, allowing unsafe values as resource URLs and potentially arbitrary JavaScript execution wi...

7.6CVSS6.1AI score0.00338EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/02 4:53 p.m.33 views

CVE-2025-47385 Improper Access Control for Register Interface in SCE-Mink

Memory Corruption when accessing trusted execution environment without proper privilege check...

7.8CVSS0.00069EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 4:53 p.m.31 views

CVE-2025-47385

CVE-2025-47385 involves memory corruption when accessing the Trusted Execution Environment (TEE) via the SCE-Mink register interface, due to improper privilege checks. Connected CVE records corroborate an improper access-control issue in the SCE-Mink component, with CVSSv3.1 score 7.8 (HIGH): loc...

7.8CVSS6.1AI score0.00069EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:36 a.m.12 views

CVE-2024-34520

An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' feature, by bypassing client-side access controls...

8.8CVSS6.7AI score0.00361EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/04 3:19 a.m.4 views

CVE-2025-27074 Incorrect Calculation of Buffer Size in SCE-Mink

Memory corruption while processing a GP command response...

8.8CVSS6.8AI score0.00081EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.6 views

PT-2025-44923

Name of the Vulnerable Software and Affected Versions SCE-Mink affected versions not specified Description A memory corruption issue exists when processing a GP command response. The root cause is an incorrect calculation of the buffer size. There is no information available regarding the number ...

8.8CVSS7AI score0.00081EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-29536

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.00764EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-4577

Malicious code in bioql PyPI...

3.5CVSS6.6AI score0.00561EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:11 p.m.9 views

CVE-2022-24661

A vulnerability has been identified in Simcenter STAR-CCM+ Viewer All versions V2022.1. The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. This could allow an attacker to execute code in the context of the current process...

7.8CVSS7.2AI score0.00764EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 1:39 p.m.4 views

CVE-2024-34521

A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an administrative user to access system files with the file permissions of the privileged system user running the application...

3.5CVSS6.7AI score0.00561EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 11:15 p.m.9 views

CVE-2024-34521

A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an administrative user to access system files with the file permissions of the privileged system user running the application...

3.5CVSS0.00561EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 11:15 p.m.11 views

CVE-2024-34520

An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' feature, by bypassing client-side access controls...

8.8CVSS0.00361EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/12 12:0 a.m.7 views

CVE-2024-34520

An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' feature, by bypassing client-side access controls...

8.6AI score0.00361EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/12 12:0 a.m.3 views

CVE-2024-34521

A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an administrative user to access system files with the file permissions of the privileged system user running the application...

4AI score0.00561EPSS
Exploits0References1
CVE
CVE
added 2025/02/12 12:0 a.m.67 views

CVE-2024-34521

The CVE-2024-34521 entry describes a directory traversal vulnerability in the Mavenir SCE Application Provisioning Portal (PORTAL-LBS-R_1_0_24_0). The underlying issue allows an administrative user to access system files using the privileges of the running application process. Affected component ...

3.5CVSS6.8AI score0.00561EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/12 12:0 a.m.11 views

CVE-2024-34520

An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' feature, by bypassing client-side access controls...

0.00361EPSS
Exploits0References1
CVE
CVE
added 2025/02/12 12:0 a.m.58 views

CVE-2024-34520

The CVE-2024-34520 issue affects the Mavenir SCE Application Provisioning Portal (PORTAL-LBS-R_1_0_24_0). The vulnerability is an authorization bypass in which an authenticated guest can perform unauthorized administrative actions (e.g., access to the create/add user functionality) by bypassing c...

8.8CVSS6.8AI score0.00361EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/12 12:0 a.m.11 views

CVE-2024-34521

A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an administrative user to access system files with the file permissions of the privileged system user running the application...

0.00561EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/02 12:0 a.m.5 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a post-release reuse issue contained in the SCE-Mink component...

8.4CVSS6.6AI score0.00125EPSS
Exploits0References3
Rows per page
Query Builder