There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user...
7.1CVSS
6.8AI Score
0.0004EPSS
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user...
3.3CVSS
4.1AI Score
0.0004EPSS
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user...
7.1CVSS
6.8AI Score
0.0004EPSS
A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP...
7.5CVSS
7.5AI Score
0.001EPSS
In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be...
7.8CVSS
7.5AI Score
0.0004EPSS
OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return...
5.5CVSS
5.4AI Score
0.0004EPSS
The Samsung A5 Android device with a build fingerprint of samsung/a5y17ltexx/a5y17lte:8.0.0/R16NW/A520FXXS8CSC5:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps.....
7.8CVSS
7.3AI Score
0.0004EPSS
SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password...
8.8CVSS
8.8AI Score
0.004EPSS
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG...
5.4CVSS
5.2AI Score
0.001EPSS
index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a...
5.4CVSS
5.1AI Score
0.001EPSS
On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the...
9.8CVSS
9.5AI Score
0.004EPSS
Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID...
7.5CVSS
7.4AI Score
0.006EPSS