9907 matches found
CVE-2021-0547
In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional...
CVE-2021-0603
In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product:...
CVE-2021-0571
In ActivityTaskManagerService.startActivity and AppTaskImpl.startActivity of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privilege...
CVE-2021-0445
In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android-9 Android I...
CVE-2016-10891
The aryo-activity-log plugin before 2.3.3 for WordPress has XSS...
CVE-2022-38832
School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit=...
CVE-2022-38269
School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/modstudent/index.php?view=edit=...
CVE-2022-42818
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity...
CVE-2025-13853
creationtimestamp | type | source
---|---|---
2026-01-09 10:36:09+00:00 | seen | https://gist.github.com/Darkcrai86/fe9da8ad386ef0ee804e85f69fcdf78e
2026-01-09 11:04:13+00:00 | seen | Telegram/hGok3FHgWgbXq-4QwRuv2kdh52nqy5VuUREmY2DmSo70XhI
2026-01-09 11:34:25+00:00 | seen | ...
CVE-2025-13900
creationtimestamp | type | source
---|---|---
2026-01-09 10:35:44+00:00 | seen | https://gist.github.com/Darkcrai86/4671d9553bf62f51ef849931062b58ff
2026-01-09 11:04:13+00:00 | seen | Telegram/hGok3FHgWgbXq-4QwRuv2kdh52nqy5VuUREmY2DmSo70XhI
2026-01-09 11:34:00+00:00 | seen | ...
CVE-2026-0699
A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/editactivity.php. Performing a manipulation of the argument activityid results in sql injection. Remote exploitation of the attack is possible. The exploi...
CVE-2019-2173
In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2024-41504
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application, when creating or editing an "Atividade" (activity), the form field "Descrico" allows injection of JavaScript...
CVE-2023-50905
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows Stored XSS. This issue affects WP Activity Log: from n/a through 4.6.1...
CVE-2025-11877
The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ualshookwploginfailed' lacks a capability check and writes failed usernames directly into update_option() calls. This makes it possible for unauthenticated attacker...
Exploit for CVE-2025-11877
CVE-2025-11877 User Activity Log - Unauthenticated Limited...
EUVD-2026-1659
A vulnerability was detected in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /intern/admin/addactivity.php. Performing a manipulation of the argument Title results in sql injection. Remote exploitation of the attack is possible. The exploit is...
CVE-2026-0729
A vulnerability was detected in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /intern/admin/addactivity.php. Performing a manipulation of the argument Title results in sql injection. Remote exploitation of the attack is possible. The exploit is...
Ghost has SQL Injection in Members Activity Feed
Impact: A vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. Vulnerable versions: This vulnerability is present in Ghost v5.90.0 to v5.130.5 and Ghost v6.0.0 to v6.10.3. Patches: v5.130.6 and...
GHSA-GJRP-XGMH-X9QQ Ghost has SQL Injection in Members Activity Feed
Impact: A vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. Vulnerable versions: This vulnerability is present in Ghost v5.90.0 to v5.130.5 and Ghost v6.0.0 to v6.10.3. Patches: v5.130.6 and...