16 matches found
CVE-2018-14085
An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token. First, suppose that the owner adds the evil contract address to his sweepers. The evil contract looks like this: contract Exploit uint public start; function...
EUVD-2019-2106
Malware in sbrugna...
EUVD-2019-2105
Malware in sbrugna...
EUVD-2018-5448
Malware in sbrugna...
EUVD-2018-6007
Malware in sbrugna...
EUVD-2018-5698
Malware in sbrugna...
EUVD-2018-5449
Malware in sbrugna...
EUVD-2022-4458
Malicious code in bioql PyPI...
EUVD-2021-30007
Malicious code in bioql PyPI...
EUVD-2024-17997
Malicious code in bioql PyPI...
CVE-2025-53106 Graylog vulnerable to privilege escalation through API tokens
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the...
CVE-2022-34093
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via accesstoken.php...
CVE-2024-12570
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's CI_JOB_TOKEN to obtain a GitLab session token belonging to the victim...
PT-2024-24124 · Unknown · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM versions 19.0.0 and before. Description: The issue allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover. Thi...
CVE-2022-24892 Multiple valid tokens for password reset in Shopware
Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they someh...
McAfee Total Protection Elevation of Privilege Vulnerability
McAfee Total Protection (MTP) is a one-stop security suite. An elevation of privilege vulnerability exists in McAfee Total Protection prior to version 16.0.32. An attacker could exploit this vulnerability to elevate privileges by emulating a client token...