Lucene search
K

9932 matches found

EUVD
EUVD
added 2026/06/01 3:24 p.m.12 views

EUVD-2026-33690

Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data. This issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 3:24 p.m.29 views

CVE-2026-42673 WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin <= 3.3.6 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data. This issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from...

7.5CVSS0.00245EPSS
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2026/06/01 9:30 a.m.19 views

Websites Can Now Spy on You Through Your Hard Drive

Thanks to the newly detailed FROST technique, telltale SSD activity can be measured in the browser using simple JavaScript...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.13 views

PT-2026-45603

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A logic error in the onNullBinding function of HostEmulationManager.java allows an activity to be launched from the background. This issue could result in a loca...

7.8CVSS5.8AI score0.00071EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.20 views

PT-2026-45592

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00075EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from a logical error in the onNullBinding function within HostEmulationManager.java. This vulnerability may lead to activities being initiate...

7.8CVSS5.6AI score0.00071EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from a lack of null value checks in the onCreate function within DisableSupervisionActivity.kt. This vulnerability may lead to local privileg...

6.8CVSS5.2AI score0.00075EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45460

Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data. This issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45561

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...

7CVSS5.8AI score0.00382EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.37 views

PT-2026-45602

In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00068EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

WordPress plugin Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. WordPress plugins are additional applications that can b...

7.5CVSS5.5AI score0.00245EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

nanobot 代码问题漏洞

Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.2.1 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing issues in the Microsoft Teams channel processing program. This could allow...

7CVSS5.5AI score0.00382EPSS
Exploits0References4
OSV
OSV
added 2026/06/01 12:0 a.m.10 views

ASB-A-385917501

In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS5.9AI score0.00071EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 12:0 a.m.15 views

ASB-A-476417007

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.8CVSS5.9AI score0.00075EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.14 views

ASB-A-467082881

In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch bal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00082EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/30 4:25 p.m.23 views

Malicious code in cms-storehub (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dda5fa0b4771a3299568c8dd8d17d5663d9c8ae782b8c71f4a2baf0ce1f8e5ee Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/29 10:34 p.m.9 views

GHSA-27P4-PJQV-WHGJ praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership

Summary Type: Insecure Direct Object Reference. The GET /workspaces/workspaceid/issues/issueid/activity endpoint is gated by requireworkspacememberworkspaceid and dispatches to ActivityService.listforissueissueid, which executes SELECT FROM activity WHERE issueid = :issueid with no workspace...

6.5CVSS5.8AI score0.00032EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/29 10:34 p.m.31 views

praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership

Summary Type: Insecure Direct Object Reference. The GET /workspaces/workspaceid/issues/issueid/activity endpoint is gated by requireworkspacememberworkspaceid and dispatches to ActivityService.listforissueissueid, which executes SELECT FROM activity WHERE issueid = :issueid with no workspace...

5.8AI score0.00032EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 4:58 p.m.12 views

CVE-2026-5768 Fourth Frontier Frontier X Mobile Application, Frontier X2 Missing Authentication for Critical Function

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...

8.8CVSS5.8AI score0.0028EPSS
Exploits0References3
NVD
NVD
added 2026/05/29 4:16 p.m.16 views

CVE-2018-25392

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the logactivity function. Attackers can send POST requests to /index.php/user/logactivity with malicious SQL code in...

7.1CVSS0.00273EPSS
Exploits0References4
Rows per page
Query Builder