CVE-2025-67819

CVE-2025-67819 affects Weaviate OSS up to version 1.33.4. The issue is caused by lack of validation of the fileName field in the transfer logic, enabling an attacker who can invoke the GetFile method while a shard is in the “Pause file activity” state and the FileReplicationService is reachable t...

PT-2025-50958

Name of the Vulnerable Software and Affected Versions Weaviate OSS versions prior to 1.33.4 Description A flaw exists in Weaviate OSS that allows an attacker to read arbitrary files accessible to the service process. This occurs because of insufficient validation of the fileName field during file...

CVE-2025-67819

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

CVE-2025-36889

In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36889

CVE-2025-36889 is a local information-disclosure vulnerability affecting Google Pixel devices in the Camera2 path. The issue arises in onCreateTasks of CameraActivity.java where a permission bypass due to a confused deputy could allow information disclosure without requiring additional execution ...

CVE-2025-36889

In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36889

In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Improper Export of Android Application Components

Overview Affected versions of this package are vulnerable to Improper Export of Android Application Components via the UCropActivity component in the AndroidManifest.xml file. An attacker can gain unauthorized access to application components by crafting malicious local intents. Remediation There...

CVE-2025-14517 Yalantis uCrop AndroidManifest.xml UCropActivity  improper export of android application components

A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locally. The exploit has been publicly disclosed...

CVE-2025-65820

An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...

PT-2025-50697

In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2025-202626

An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...

CVE-2025-65820

An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...

CVE-2025-65820

An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...

MAL-2025-192433 Malicious code in mws-common-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c1ca345fe8bb8298e9adc0920dea67d420dd5c57f79004c058df12bc365f016 The package mws-common-ui was found to contain malicious code. Source: ghsa-malware 935da08d8dffad1e28679a7043038425705e76dff3808c50361e8a67d02c55f8...

Malicious code in vue2-amis-custom-widget123 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 027b467c811b36f60dc7589ccd8251ffc56de7f40345d6a471a3a550a2a8df7e The package vue2-amis-custom-widget123 was found to contain malicious code. Source: ossf-package-analysis...

CVE-2025-65820

Meatmeet Android Mobile Application 1.1.2.0 is affected by CVE-2025-65820. An exported activity can spawn a hidden page listing devices, including unreleased ones, enabling attackers to gain insight into unreleased Meatmeet devices. The CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H...

CVE-2025-65820

An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...

Meatmeet Pro App 安全漏洞

Meatmeet Pro App is a meat product purchasing application from Meatmeet, Inc. A security vulnerability exists in Meatmeet Pro App version 1.1.2.0, which stems from an export activity that could result in accessing a hidden page, potentially revealing unpublished device information...

Google Android Privilege Bypass Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a privilege bypass vulnerability that can be exploited by an attacker to cause activities to be launched from the background and local elevation of privilege...