| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. |
| phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the "number" part potentially parses as a number larger than 2^56. This vulnerability is fixed in 0.3.6. |
| Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it to a third-party, untrusted site. Note: by itself, this vulnerability does **not** allow an attacker to obtain user credentials, authorization codes, access tokens, refresh tokens, or identity tokens. An attacker could however exploit this vulnerability as part of a phishing attack designed to steal user credentials. This vulnerability is fixed in 7.0.6, 6.3.10, 6.2.5, 6.1.8, and 6.0.5. Duende.IdentityServer 5.1 and earlier and all versions of IdentityServer4 are no longer supported and will not be receiving updates. If upgrading is not possible, use `IUrlHelper.IsLocalUrl` from ASP.NET Core to validate return Urls in user interface code in the IdentityServer host. |
| Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2. |
| Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.
For this to impact an application, all of the following must be true:
* It must be a WebFlux application
* It must be using Spring's static resources support
* It must have a non-permitAll authorization rule applied to the static resources support |
| In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows user's configuration and PII to be stolen. |
| Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack. |
| unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser. |
| Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function. |
| IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode leads the attacker to replay the Wi-Fi packets and forcefully turn off the access point after the authentication token has expired. |
| A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. |
| A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts. |
| A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts. |
| A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout. |
| Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot Millie chat that allows private conversations of other users being viewed by simply changing the conversation ID. The vulnerability is present in the endpoint 'api.1millionbot.com/api/public/conversations/' and, if exploited, could allow a remote attacker to access other users private chatbot conversations, revealing sensitive or confidential data without requiring credentials or impersonating users. In order for the vulnerability to be exploited, the attacker must have the user's conversation ID. |
| A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page. |
| Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls. |
| Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key.
Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use.
This key is intended for encrypting credit card transaction data. |
| XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related to malicious DTD files where an attacker to craft a malicious XML file that loads a DTD that causes XML Notepad to make outbound HTTP/SMB requests, potentially leaking local file contents or capturing the victim's NTLM credentials. This issue has been patched in version 2.9.0.21. |
