An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation. Assigner : cve@mitre.org More information : https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Cross Site Request Forgery.This issue affects Contact Forms by Cimatti: from n/a through 1.9.8. Assigner : audit@patchstack.com More information : https://patchstack.com/database/wordpress/plugin/contact-forms/vulnerability/wordpress-contact-forms-by-cimatti-plugin-1-9-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx. Assigner : cve@mitre.org More information : https://github.com/intruderlabs/cvex/tree/main/Carestream/session-token-in-url
Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code. Assigner : cve@mitre.org More...
Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter. Assigner : cve@mitre.org More information : https://github.com/intruderlabs/cvex/blob/main/Pixeon/WebLaudos/Directory-Traversal/README.md
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php. Assigner : cve@mitre.org More information : https://github.com/osTicket/osTicket
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025Â could lead to a remote code execution. Assigner : 3DS.Information-Security@3ds.com More information : https://www.3ds.com/vulnerability/advisories
In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft...
In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for...
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation. Assigner : cve@mitre.org More information : https://semiconductor.samsung.com/support/quality-support/product-security-updates/
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component. Assigner : cve@mitre.org More information : https://github.com/intruderlabs/cvex/tree/main/Carestream/session-token-in-url
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=…`), versions of SignXML prior to 4.0.4...
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=…`), versions of SignXML prior to 4.0.4...
A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary...