16 matches found
DRUPAL-CONTRIB-2026-002
This module allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the "administer permissions" permission. The module contains an access bypass vulnerability when used in combination with the Views Bulk Operations module. A user...
EUVD-2023-26162
Malicious code in bioql PyPI...
CVE-2023-21997
Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Proxy User Delegation. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User...
User loses his delegated voting power after delegation to another user.
Vulnerability Details: When a user delegates voting power to another user, his previous voting power from delegation is ignored in getVotingPowerAt, since when isDelegated is true getVotingPowerAt returns 0. Impact: Delegated voting power cannot be utilize...
Signatures can be replayed in castVoteWithReasonAndParamsBySig() to use up more votes than a user intended
Bug Description: In the SecurityCouncilNomineeElectionGovernor and SecurityCouncilMemberElectionGovernor contracts, users can provide a signature to allow someone else to vote on their behalf using the castVoteWithReasonAndParamsBySig function, which is in...
Users can vote infinitely via delegation
Summary: GaugeController.vote_for_gauge_weights is designed to allow users to vote for gauge rewards based on the amount of $CANTO they have locked in the VotingEscrow contract. VotingEscrow includes functionality for users to delegate their voting power to another...
If user has delegated someone when locktime expires his tokens will be stuck forever.
Impact: tokens will be stuck forever if user's locktime expired when his delegatee is someone different than him. Because he cannot withdraw his money, also he cannot delegate himself too because his lock expired. Also he cannot use increaseamount for lockexpired and...
The vulnerability of the Proxy User Delegation sub-component of the Oracle User Management component in the Oracle E-Business Suite system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Proxy User Delegation sub-component of the Oracle User Management component in the Oracle E-Business Suite automation system for enterprise activities is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remote...
CVE-2023-21997
Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Proxy User Delegation. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User...
Semrush: IDOR allows information disclosure
A vulnerability in the Social Media Inbox tool's task tracker allowed information disclosure. The tool enables linking social accounts to oversee content and engage audiences. Its task tracker lets users delegate messages to colleagues. It was found that a user could assign messages to any user ID,...
A malicious delegatee can always block the delegator from undelegating the lock
Impact: A user who has delegated his/her voting power to a delegatee can break his/her delegation only by submitting a lock with a higher expiration time than the delegatee after a successful call to the increaseUnlockTime function. After that, he has to call the...
The vulnerability of the Proxy User Delegation sub-component of the Oracle User Management component in the Oracle E-Business Suite allows a perpetrator to gain access to data for reading purposes.
The vulnerability of the Proxy User Delegation sub-component of the Oracle User Management component in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data through HTTP...
CVE-2021-2017
Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Proxy User Delegation. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Us...
CVE-2018-2691
Vulnerability in the Oracle User Management component of Oracle E-Business Suite subcomponent: Proxy User Delegation. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows low privileged attacker with network access via...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2018-02403)
Oracle E-Business Suite is an expansion of the original Application ERP: a seamlessly integrated management suite that collects a variety of management software, including ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management), and so on. An...
CVE-2014-8143: Elevation of privilege to Active Directory Domain Controller
Description: Samba's AD DC allows the administrator to delegate creation of user or computer accounts to specific users or groups. However, all released versions of Samba's AD DC did not implement the additional required check on the UF_SERVER_TRUST_ACCOUNT bit in the userAccountControl attributes. A...