14 matches found
CVE-2025-0202
A vulnerability was found in TCS BaNCS 10. It has been classified as problematic. This affects an unknown part of the file /REPORTS/REPORTSSHOWFILE.jsp. The manipulation of the argument FilePath leads to file inclusion. The real existence of this vulnerability is still doubted at the moment...
MTN Group: Ability to Add and Verify Uncontrolled Mobile Numbers Leading to Account Takeover (ATO)
The vulnerability allowed attackers to manipulate the OTP verification response to bypass the OTP check and link an uncontrolled mobile number to the victim's account. This led to an account takeover scenario where the attacker gained full access to the victim's account without controlling the...
CVE-2024-2135 Bdtask Hospita AutoManager Hospital Activities Page form cross site scripting
A vulnerability was found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This issue affects some unknown processing of the file /hospitalactivities/birth/form of the component Hospital Activities Page. The manipulation of the argument Description with the input leads ...
hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function
hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters...
Calls to get_virtual_price() are vulnerable to read-only reentrancy
Lines of code 117 Vulnerability details get_virtual_price was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...
Vote power can be manipulated to propose and/or pass needed proposals
Lines of code Vulnerability details Impact The PartyGovernance contract is susceptible to vote manipulation, as an attacker could potentially acquire a substantial loan, even without collateral, within a single block before submitting a proposal. The voting process solely considers this particula...
CVE-2023-29752
An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component...
CVE-2023-28325
An improper authorization vulnerability exists in Rocket.Chat 6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room...
CVE-2017-20179 InSTEDD Pollit tour_controller.rb TourController Privilege Escalation
A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated as critical. This issue affects the function TourController of the file app/controllers/tour_controller.rb. The manipulation leads to an unknown weakness. The attack may be initiated remotely. Upgrading to version 2.3.2 is able t...
CVE-2020-36660 paxswill EVE Ship Replacement Program User Information api.py information disclosure
A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may ...
Design/Logic Flaw
WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation...
CVE-2021-20999
In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped...
Ubuntu: Security Advisory (USN-2506-1)
The remote host is missing an update for the...
[SA12708] Mozilla Firefox Download Directory File Deletion Vulnerability
TITLE: Mozilla Firefox Download Directory File Deletion Vulnerability SECUNIA ADVISORY ID: SA12708 VERIFY ADVISORY: http://secunia.com/advisories/12708/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: Mozilla Firefox 0.x http://secunia.com/product/3256/...