A path traversal issue potentially leading to remote code execution in Genie for all versions prior to...
9.9CVSS
7.7AI Score
0.0004EPSS
The Bug Genie 2.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/svn_integration/config.inc.php and certain other...
6.3AI Score
0.002EPSS
All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which the software is going to be.....
7.8CVSS
7.5AI Score
0.0004EPSS
The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF in place when updating the favicon, which could allow attackers to make a logged in admin change it via a CSRF...
6.5CVSS
6.3AI Score
0.001EPSS
The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session...
7.5CVSS
7.5AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.002EPSS
The Akinator the Genie FREE (aka com.digidust.elokence.akinator.freemium) application 2.46 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS