CWE-354: CWE-354

This vulnerability in some Xiaomi devices allows attackers to achieve privilege escalation by exploiting insufficient parameter validation in third-pa...

This vulnerability allows authenticated administrators on F5 BIG-IP systems running in Appliance mode to bypass security restrictions due to a missing...

This vulnerability allows attackers to upload malicious firmware to Snap One OvrC Pro devices due to insufficient signature validation. Only MD5 hash ...

This vulnerability in the containers/image library allows attackers to trigger authenticated registry accesses on behalf of victims, potentially leadi...

This vulnerability in Jenkins Pipeline: Groovy Plugin allows attackers with Item/Build permission to rebuild previous builds using unapproved Jenkinsf...

This vulnerability in go-tuf allows attackers to perform rollback attacks, causing clients to install older, potentially vulnerable software versions ...

This CVE describes an ASAR integrity bypass vulnerability in Electron that allows attackers to modify application files and potentially execute arbitr...

This vulnerability allows a local attacker to execute arbitrary code on systems with the TOTOLINK A600UB Bluetooth Wireless Adapter driver installer. ...

This vulnerability in IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) allows a local user to execute arbitrary code due to i...

The Hoppscotch Browser Extension vulnerability allows any website to send messages to the extension and receive responses, bypassing CORS restrictions...

A logic flaw in httpsig-hyper versions before 0.0.23 causes digest verification to always succeed regardless of actual digest values, allowing message...

This vulnerability allows remote attackers to cause denial of service (DoS) in FRRouting and Pica8 PICOS systems by sending specially crafted BGP upda...

This vulnerability affects Siemens SCALANCE industrial network switches with OSPF enabled. An unauthenticated remote attacker can send specially craft...

This vulnerability in MediaTek WIFI Firmware allows remote attackers to cause a system crash (denial of service) without authentication or user intera...

This vulnerability in Zoom Client for MacOS allows attackers to downgrade users to older, less secure versions during the update process. It affects M...

CVE-2022-22253 is an integrity check validation vulnerability in Huawei's DFX module that could allow attackers to compromise system stability. This a...

This vulnerability in Listary allows attackers to intercept software updates via man-in-the-middle (MITM) attacks due to insecure HTTP connections and...

This vulnerability in Huawei smartphones allows attackers to bypass integrity checks, potentially causing system resets. It affects Huawei smartphone ...

This vulnerability in Zoom Rooms for Windows allows authenticated local users to escalate their privileges on the system. Attackers with standard user...

This vulnerability allows attackers with administrative privileges to execute arbitrary operating system commands on affected NEC Aterm routers by sen...

TensorFlow is vulnerable to shape validation flaws in multiple operations, allowing attackers to trigger undefined behavior including crashes or poten...

This vulnerability in Huawei products allows attackers to physically install malware due to insufficient integrity checks in a specific module. Exploi...

This vulnerability allows physical attackers to bypass disk encryption on Diebold Nixdorf ATMs by manipulating the /etc/mtab file during the Pre-Boot ...

This vulnerability allows authenticated attackers with Read/Write system maintenance permissions to install corrupted firmware images on FortiNDR devi...

This vulnerability allows attackers to intercept SSH traffic and drop specific packets, potentially downgrading or disabling security features in Apac...

NVIDIA DGX Spark GB10 systems contain a vulnerability in SROOT firmware where improper integrity validation could allow attackers to access sensitive ...

The Contact Form 7 WordPress plugin has an order replay vulnerability that allows unauthenticated attackers to reuse a single Stripe PaymentIntent for...

A data integrity vulnerability in go-git versions before 5.16.5 fails to properly verify checksums for .pack and .idx files, potentially allowing corr...

This vulnerability allows attackers to bypass firmware downgrade protection on affected Lexmark printers, potentially enabling them to install older, ...

An improper validation vulnerability in Zscaler Client Connector on macOS allows attackers to cause denial of service by crashing the client binary, w...

A locally authenticated non-admin user can bypass security controls in Palo Alto Networks Prisma Browser by exploiting insufficient input validation. ...