| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In affected versions, vulnerability-lookup did not track or limit failed
One-Time Password (OTP) attempts during Two-Factor Authentication (2FA)
verification. An attacker who already knew or guessed a valid username
and password could submit an arbitrary number of OTP codes without
causing the account to be locked or generating any specific alert for
administrators.
This lack of rate-limiting and lockout on OTP failures significantly
lowers the cost of online brute-force attacks against 2FA codes and
increases the risk of successful account takeover, especially if OTP
entropy is reduced (e.g. short numeric codes, user reuse, or predictable
tokens). Additionally, administrators had no direct visibility into
accounts experiencing repeated 2FA failures, making targeted attacks
harder to detect and investigate.
The patch introduces a persistent failed_otp_attempts counter on user
accounts, locks the user after 5 invalid OTP submissions, resets the
counter on successful verification, and surfaces failed 2FA attempts in
the admin user list. This enforces an account lockout policy for OTP
brute-force attempts and improves monitoring capabilities for suspicious
2FA activity.This issue affects Vulnerability-Lookup: before 2.18.0. |
| Some endpoints in vulnerability-lookup that modified
application state (e.g. changing database entries, user data,
configurations, or other privileged actions) may have been accessible
via HTTP GET requests without requiring a CSRF token. This flaw leaves
the application vulnerable to Cross-Site Request Forgery (CSRF) attacks:
an attacker who tricks a logged-in user into visiting a malicious
website could cause the user’s browser to issue GET requests that
perform unintended state-changing operations in the context of their
authenticated session.
Because the server would treat these GET requests as valid (since no
CSRF protection or POST method enforcement was in place), the attacker
could exploit this to escalate privileges, change settings, or carry out
other unauthorized actions without needing the user’s explicit consent
or awareness.
The fix ensures that all state-changing endpoints now require HTTP POST
requests and include a valid CSRF token. This enforces that state
changes cannot be triggered by arbitrary cross-site GET requests. This issue affects Vulnerability-Lookup: before 2.18.0. |
| In affected versions, vulnerability-lookup handled user-controlled
content in comments and bundles in an unsafe way, which could lead to
stored Cross-Site Scripting (XSS).
On the backend, the related_vulnerabilities field of bundles accepted
arbitrary strings without format validation or proper sanitization. On
the frontend, comment and bundle descriptions were converted from
Markdown to HTML and then injected directly into the DOM using string
templates and innerHTML. This combination allowed an attacker who could
create or edit comments or bundles to store crafted HTML/JavaScript
payloads which would later be rendered and executed in the browser of
any user visiting the affected profile page (user.html).
This issue affects Vulnerability-Lookup: before 2.18.0. |
| Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could result in a high impact to confidentiality and a low impact to integrity, while availability remains unaffected. |
| A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility (LTV) sensors.
There is no indication of exploitation of these issues in the wild. Our threat hunting and intelligence team are actively monitoring for exploitation and we maintain visibility into any such attempts.
The Falcon sensor for Mac, the Falcon sensor for Linux and the Falcon sensor for Legacy Systems are not impacted by this.
CrowdStrike was made aware of this issue through our HackerOne bug bounty program. It was discovered by Cong Cheng and responsibly disclosed. |
| A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility (LTV) sensors.
There is no indication of exploitation of these issues in the wild. Our threat hunting and intelligence teams are actively monitoring for exploitation and we maintain visibility into any such attempts.
The Falcon sensor for Mac, the Falcon sensor for Linux and the Falcon sensor for Legacy Systems are not impacted by this.
CrowdStrike was made aware of this issue through our HackerOne bug bounty program. It was discovered by Cong Cheng and responsibly disclosed. |
| MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions
granted by the user to the main application bundle. An attacker with local user access can
invoke this interpreter with arbitrary commands or scripts, leveraging the
application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Poedit, potentially disguising attacker's malicious intent.
This issue has been fixed in 3.6.3 version of Poedit. |
| A vulnerability was found in Mechrevo Control Console 1.0.2.70. It has been rated as critical. Affected by this issue is some unknown functionality in the library C:\Program Files\OEM\MECHREVO Control Center\UniwillService\MyControlCenter\csCAPI.dll of the component GCUService. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. |
| A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot. |
| UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. |
| Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. |
| A vulnerability, which was classified as problematic, was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This affects an unknown part of the file /api/GylOperator/LoadData. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rolantis Information Technologies Agentis allows Reflected XSS, DOM-Based XSS.This issue affects Agentis: before 4.32. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL Injection.This issue affects Agentis: before 4.32. |
| The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the application. |
| A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue. |
| Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users� browsers, allowing the attacker to steal session cookies, tokens, and other sensitive information. As a result, the vulnerability has a low impact on confidentiality and integrity and no impact on availability. |
| SAPUI5 (and OpenUI5) packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system unresponsiveness due to a blocked processing thread. This vulnerability has no impact on confidentiality or integrity but has a high impact on system availability. |
| SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to insufficient input validation and improper handling of remote method calls. Exploitation does not require user interaction and could lead to service disruption or unauthorized system control. This has high impact on integrity and availability, with no impact on confidentiality. |
| SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application. |
