IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values…

Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn’t have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request…

Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can’t…

An XSS exists in automation controller UI where the project name is susceptible to XSS injection Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için…

Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This…

A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the…

In the SEPolicy configuration of system apps, there is a possible access to the ‘ip’ utility due to an insecure default value. This could lead…

In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to…

In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This…

In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with…