19 matches found
EUVD-2026-9332
AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting XSS vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received emails on an alias, the HTML content is rendered in ...
CVE-2026-26266
AliasVault Web Client versions ≤ 0.25.3 are affected by a stored XSS in the email rendering feature. HTML content of emails viewed in an alias is rendered in an iframe via srcdoc, which lacks origin isolation, allowing a crafted email containing JavaScript to execute in the application's origin w...
AliasVault 跨站脚本漏洞
AliasVault is an open-source password manager developed by AliasVault. Versions of AliasVault prior to 0.25.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from the email rendering feature, where HTML content was rendered using srcdoc within an iframe without proper...
CVE-2026-2974 AliasVault App Backup aliasvault.xml backup
A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...
CVE-2026-22694
AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...
EUVD-2026-2679
AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...
PT-2026-2917
AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the /api/v1/user endpoint. An attacker can gain unauthorized access and create arbitrary accounts by sending specially crafted requests. Remediation Upgrade github.com/usememos/memos/server/router/api/v1 to...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the IdentityProvider service. An attacker can gain unauthorized access to modify or delete registered identity providers by leveraging low-level privileges, potentially resulting in account takeover or service...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource when handling attachments. An attacker can modify or delete files belonging to other users by sending crafted requests with low-level privileges. Remediation Upgrade...
Fedora 43 : xmedcon (2025-977a26e133)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-977a26e133 advisory. upgraded to 0.25.3 fixes open bugs, CVEs, etc Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora 42 : xmedcon (2025-805b8f571a)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-805b8f571a advisory. upgraded to 0.25.3 fixes open bugs, CVEs, etc Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora 41 : xmedcon (2025-9d4a8ab586)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-9d4a8ab586 advisory. upgraded to 0.25.3 fixes open bugs, CVEs, etc Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
SUSE CVE-2025-27616
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...
Enlightenment 0.25.3 Privilege Escalation
Title: Enlightenment Version: 0.25.3 LPE Author: nu11secur1ty Date: 12.26.2022 Vendor: https://www.enlightenment.org/ Software: https://www.enlightenment.org/download Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2022-37706 Description: The Enlightenment Version: 0.25.3 is...
Ubuntu 22.04.1 X64 Desktop Enlightenment 0.25.3-1 Privilege Escalation Exploit
This Metasploit module exploits a command injection within Enlightenment's enlightenmentsys binary. This is done by calling the mount command and feeding it paths which meet all of the system requirements, but execute a specific path as well due to a semi-colon being used. This module was tested ...
Shotwell Information Disclosure Vulnerability
Shotwell is a Linux-based photo management software for the GNOME desktop environment. An information disclosure vulnerability exists in Shotwell versions 0.24.4 and earlier and 0.25.3 and earlier. An attacker can exploit this vulnerability to obtain information...
Information disclosure
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission...
CVE-2017-1000024
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission...