CWE-840
All CWE-840 CVEs (25)
CVE-2022-32207 is a privilege escalation vulnerability in curl versions before 7.84.0 where file permission widening occurs during atomic file operati...
Jul 7, 2022

This CVE describes an access control vulnerability in Huawei's security verification module that could allow unauthorized access to sensitive informat...
Jul 25, 2024

This vulnerability allows attackers to bypass Bluetooth authentication on certain Huawei Smart Screen products, potentially accessing restricted funct...
Dec 6, 2023

This vulnerability in GitLab EE/CE allows attackers to track users' browsing activities through a flaw that could lead to full account takeover. It af...
Apr 24, 2025

libcurl incorrectly reuses TLS/SSH connections when security settings have changed, potentially allowing sensitive data to be transmitted over less se...
Jun 2, 2022

This vulnerability allows attackers to trick libcurl applications into using a malicious client certificate instead of the intended one when running i...
Aug 5, 2021

This vulnerability in Snipe-IT allows attackers to bypass authentication by reusing old sessions even after the login enable function is activated. It...
Mar 30, 2022

The Gallery module in affected Huawei products contains an EXTRA_REFERRER resource read vulnerability that allows unauthorized access to sensitive inf...
Aug 6, 2025

This CVE describes an information management vulnerability in Huawei's Gallery module that could allow unauthorized access to sensitive information. T...
Nov 5, 2024

This CVE describes an S3 bucket takeover vulnerability in the h2oai/h2o-3 repository where the 'http://s3.amazonaws.com/h2o-training' bucket was vulne...
Apr 16, 2024

This vulnerability in H2O allows attackers to take over S3 bucket URLs by exploiting a reference to a bucket that no longer exists. This affects syste...
Nov 16, 2023

This CVE describes a cracking vulnerability in the OS security module of Huawei devices running HarmonyOS. Successful exploitation could allow attacke...
May 14, 2024

This vulnerability in Keycloak's token exchange flow allows disabled users to obtain valid access and refresh tokens, enabling unauthorized access to ...
Jan 21, 2026

A permission management vulnerability in Huawei device lock screen modules could allow unauthorized access to protected services. This affects Huawei ...
Mar 4, 2025

This CVE describes a privilege escalation vulnerability in Huawei's NMS (Network Management System) module. Attackers could exploit this to gain eleva...
Jul 25, 2024

A business logic error in certain Zoom Workplace applications allows unauthenticated attackers to access sensitive information via network access. Thi...
Feb 25, 2025

This CVE describes a business logic error in Adobe Commerce that allows attackers to bypass security features and modify limited data without user int...
Feb 11, 2025

A critical business logic vulnerability in ATM Banking 1.0 allows attackers with local access to manipulate deposit/withdrawal functions, potentially ...
Apr 28, 2025

This vulnerability in Bdtask Bhojon Restaurant Management System allows attackers to manipulate checkout parameters (orggrandTotal/vat/service_charge/...
Jan 29, 2026

This vulnerability in Bdtask Bhojon All-In-One Restaurant Management System allows attackers to manipulate price calculations through the add-to-cart ...
Jan 29, 2026

This vulnerability in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5 allows attackers to manipulate checkout parameters (orde...
Nov 16, 2025

A business logic vulnerability in linlinjava litemall up to version 1.8.0 allows remote attackers to manipulate the 'litemall_express_freight_min' par...
Aug 15, 2025

This vulnerability in the springboot-openai-chatgpt component allows remote attackers to manipulate the question counting functionality, potentially d...
Mar 15, 2025

This vulnerability in the CoinGate PrestaShop plugin allows remote attackers to cause business logic errors in payment processing. It affects PrestaSh...
Oct 17, 2024

A race condition vulnerability in Huawei's security control module could allow attackers to disrupt system availability through timing-based attacks. ...
Mar 5, 2026

About CWE-840
Our database tracks 25 CVEs classified as CWE-840, with 2 rated critical and 9 rated high severity. The average CVSS score for CWE-840 vulnerabilities is 6.3.
External reference: CWE-840 on MITRE CWE