External Control of Critical State Data
Overview: openclaw is 🦞 OpenClaw, a personal AI assistant. Affected versions of this package are vulnerable to External Control of Critical State Data in the CLI routing process after failed service resolution, where Bonjour and DNS-SD TXT metadata could still influence the chosen target. An...
CVE-2023-45824
OroPlatform is a PHP Business Application Platform (BAP). A logged-in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...
GHSA-FG6F-75JQ-6523 Authlib has 1-click Account Takeover vulnerability
Security Advisory: Cache-Backed State Storage CSRF in Authlib. The Security Labs team at Snyk has reported a security issue affecting Authlib, identified during a recent research project. The Snyk Security Labs team has identified a vulnerability that can result in a one-click account takeover in...
CVE-2025-68158
Authlib’s OAuth/OpenID Connect implementation is affected in versions
Linux Distros Unpatched Vulnerability : CVE-2025-68158
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied...
EUVD-2018-0266
Malware in sbrugna...
EUVD-2022-27301
Malicious code in bioql PyPI...
EUVD-2024-43562
Malicious code in bioql PyPI...
EUVD-2024-1018
Malicious code in bioql PyPI...
EUVD-2024-19944
Malicious code in bioql PyPI...
EUVD-2025-15849
Malicious code in bioql PyPI...
CVE-2023-0575
External Control of Critical State Data and Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability...
CVE-2025-48018
An authenticated user can modify application state data...
PT-2025-22154 · Schweitzer Engineering Laboratories · Sel-5030 Acselerator Quickset
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An authenticated user can modify application state data. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
CVE-2024-49837
Memory corruption while reading CPU state data during guest VM suspend...
CVE-2024-49837
CVE-2024-49837 affects Qualcomm chipsets; memory corruption occurs when reading CPU state data during guest VM suspend in affected hardware. Root cause described as improper handling during VM suspend that can corrupt memory, with CVSS 3.1 base score 7.8 (High impact, local access, low attack com...
CVE-2023-45824
The CVE-2023-45824 issue affects OroPlatform (PHP BAP). A logged-in user can access page state data of pinned pages belonging to other users by using a pageId hash. Publicly documented details indicate this affects OroPlatform versions across multiple lines: 4.2.0–4.2.10, 5.0.0–5.0.12, and 5.1.0–...
PT-2024-13289 · Unknown · Oroplatform
Name of the Vulnerable Software and Affected Versions: OroPlatform versions prior to 5.1.4. Description: A logged-in user can access page state data of pinned pages of other users by pageId hash. This issue allows unauthorized access to sensitive information. Recommendations: For versions prior to...
CVE-2023-20016
A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...