Lucene search
K

19 matches found

EUVD
EUVD
added 2026/03/03 10:16 p.m.6 views

EUVD-2026-9332

AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting XSS vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received emails on an alias, the HTML content is rendered in ...

9.3CVSS5.8AI score0.00239EPSS
Exploits0References3
CVE
CVE
added 2026/03/03 10:16 p.m.16 views

CVE-2026-26266

AliasVault Web Client versions ≤ 0.25.3 are affected by a stored XSS in the email rendering feature. HTML content of emails viewed in an alias is rendered in an iframe via srcdoc, which lacks origin isolation, allowing a crafted email containing JavaScript to execute in the application's origin w...

9.3CVSS5.8AI score0.00239EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.6 views

AliasVault 跨站脚本漏洞

AliasVault is an open-source password manager developed by AliasVault. Versions of AliasVault prior to 0.25.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from the email rendering feature, where HTML content was rendered using srcdoc within an iframe without proper...

9.3CVSS5.6AI score0.00239EPSS
Exploits0References3
OSV
OSV
added 2026/02/23 5:32 a.m.6 views

CVE-2026-2974 AliasVault App Backup aliasvault.xml backup

A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...

2CVSS5AI score0.00099EPSS
Exploits0References11
NVD
NVD
added 2026/01/14 5:16 p.m.6 views

CVE-2026-22694

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

6.1CVSS0.0011EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/14 4:32 p.m.4 views

EUVD-2026-2679

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

6.1CVSS5.9AI score0.0011EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.5 views

PT-2026-2917

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

6.1CVSS6.4AI score0.0011EPSS
Exploits0References6
Snyk
Snyk
added 2025/12/08 4:41 p.m.1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the /api/v1/user endpoint. An attacker can gain unauthorized access and create arbitrary accounts by sending specially crafted requests. Remediation Upgrade github.com/usememos/memos/server/router/api/v1 to...

7.5CVSS7AI score0.00223EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/08 4:41 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the IdentityProvider service. An attacker can gain unauthorized access to modify or delete registered identity providers by leveraging low-level privileges, potentially resulting in account takeover or service...

7.1CVSS7AI score0.00245EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/08 4:40 p.m.2 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource when handling attachments. An attacker can modify or delete files belonging to other users by sending crafted requests with low-level privileges. Remediation Upgrade...

5.4CVSS6.5AI score0.00156EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/11/17 12:0 a.m.3 views

Fedora 43 : xmedcon (2025-977a26e133)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-977a26e133 advisory. upgraded to 0.25.3 fixes open bugs, CVEs, etc Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

7.5CVSS5.1AI score0.00563EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/17 12:0 a.m.3 views

Fedora 42 : xmedcon (2025-805b8f571a)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-805b8f571a advisory. upgraded to 0.25.3 fixes open bugs, CVEs, etc Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

7.5CVSS5.1AI score0.00563EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/17 12:0 a.m.4 views

Fedora 41 : xmedcon (2025-9d4a8ab586)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-9d4a8ab586 advisory. upgraded to 0.25.3 fixes open bugs, CVEs, etc Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

7.5CVSS5.1AI score0.00563EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/03/16 2:48 a.m.3 views

SUSE CVE-2025-27616

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...

8.5CVSS6.7AI score0.00246EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2022/12/27 12:0 a.m.462 views

Enlightenment 0.25.3 Privilege Escalation

Title: Enlightenment Version: 0.25.3 LPE Author: nu11secur1ty Date: 12.26.2022 Vendor: https://www.enlightenment.org/ Software: https://www.enlightenment.org/download Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2022-37706 Description: The Enlightenment Version: 0.25.3 is...

0.7AI score0.05486EPSS
Exploits15
0day.today
0day.today
added 2022/10/06 12:0 a.m.682 views

Ubuntu 22.04.1 X64 Desktop Enlightenment 0.25.3-1 Privilege Escalation Exploit

This Metasploit module exploits a command injection within Enlightenment's enlightenmentsys binary. This is done by calling the mount command and feeding it paths which meet all of the system requirements, but execute a specific path as well due to a semi-colon being used. This module was tested ...

7.8CVSS8.2AI score0.05486EPSS
Exploits15
CNVD
CNVD
added 2017/07/28 12:0 a.m.6 views

Shotwell Information Disclosure Vulnerability

Shotwell is a Linux-based photo management software for the GNOME desktop environment. An information disclosure vulnerability exists in Shotwell versions 0.24.4 and earlier and 0.25.3 and earlier. An attacker can exploit this vulnerability to obtain information...

7.5CVSS6.2AI score0.01209EPSS
Exploits0References1
Prion
Prion
added 2017/07/17 1:18 p.m.12 views

Information disclosure

Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission...

5CVSS7.3AI score0.01209EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/07/13 8:0 p.m.13 views

CVE-2017-1000024

Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission...

7.3AI score0.01209EPSS
Exploits0References1
Rows per page
Query Builder