
76 matches found

CVE
added 2024/10/28 11:19 a.m. · 77 views

CVE-2024-50486

CVE-2024-50486 affects the WordPress plugin Acnoo Flutter API (

9.8 CVSS · 5.9 AI score · 0.00112 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/10/28 11:19 a.m. · 11 views

CVE-2024-50486 WordPress Acnoo Flutter API plugin <= 1.0.5 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API acnoo-flutter-api allows Authentication Bypass. This issue affects Acnoo Flutter API: from n/a through <= 1.0.5...

9.8 CVSS · 5.9 AI score · 0.00112 EPSS
Exploits 0 · References 1
Cvelist
added 2024/10/28 11:19 a.m. · 25 views

CVE-2024-50486 WordPress Acnoo Flutter API plugin <= 1.0.5 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API acnoo-flutter-api allows Authentication Bypass. This issue affects Acnoo Flutter API: from n/a through <= 1.0.5...

9.8 CVSS · 0.00112 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/10/28 12:0 a.m. · 3 views

PT-2024-34263 · Unknown · Acnoo Flutter Api

Name of the Vulnerable Software and Affected Versions: Acnoo Flutter API versions 1.0.0 through 1.0.5. Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing unauthorized access. This is a problem where the authentication process can be bypassed,...

9.8 CVSS · 6.7 AI score · 0.00112 EPSS
Exploits 0 · References 6
CNNVD
added 2024/10/28 12:0 a.m. · 2 views

WordPress plugin Acnoo Flutter API security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

9.8 CVSS · 6.8 AI score · 0.00112 EPSS
Exploits 0 · References 1
Patchstack
added 2024/10/25 8:16 a.m. · 3 views

WordPress Acnoo Flutter API plugin <= 1.0.5 - Account Takeover vulnerability

Account Takeover vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Acnoo Flutter API versions <= 1.0.5...

9.8 CVSS · 7 AI score · 0.00112 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2024/10/25 12:0 a.m. · 24 views

WordPress Acnoo Flutter API Plugin <= 1.0.5 is vulnerable to Privilege Escalation

Software: Acnoo Flutter API; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-50486; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 69fb59b59cf8; Credits...

9.8 CVSS · 6.8 AI score · 0.00112 EPSS
Exploits 0 · References 1 · Affected Software 1
NVD
added 2024/03/27 7:15 p.m. · 6 views

CVE-2024-29886

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...

5.3 CVSS · 5.3 AI score · 0.00163 EPSS
Exploits 0 · References 2
OSV
added 2024/03/27 6:46 p.m. · 25 views

CVE-2024-29887 Serverpod client accepts any certificate

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TLS certificates on all non-web HTTP clients in the serverpodclient package, making them susceptible to a man in the middle attack against encrypted traffic between the client device...

7.4 CVSS · 6.5 AI score · 0.00041 EPSS
Exploits 0 · References 4
Cvelist
added 2024/03/27 6:46 p.m. · 10 views

CVE-2024-29887 Serverpod client accepts any certificate

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TLS certificates on all non-web HTTP clients in the serverpodclient package, making them susceptible to a man in the middle attack against encrypted traffic between the client device...

7.4 CVSS · 7.5 AI score · 0.00041 EPSS
Exploits 0 · References 2
OSV
added 2024/03/27 6:42 p.m. · 15 views

CVE-2024-29886 Improved security for stored password hashes

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...

5.3 CVSS · 6.7 AI score · 0.00163 EPSS
Exploits 0 · References 4
CISA KEV Catalog
added 2023/11/30 12:0 a.m. · 60 views

Google Skia Integer Overflow Vulnerability

Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other produc...

9.6 CVSS · 9.4 AI score · 0.01287 EPSS
In wild · Exploits 0
VulnCheck KEV
added 2023/09/28 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2023-6345

Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other produc...

9.6 CVSS · 7.5 AI score · 0.01287 EPSS
Exploits 0 · References 1
OSV
added 2023/09/19 9:15 a.m. · 3 views

CVE-2023-41387

A SQL injection in the flutterdownloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and...

9.1 CVSS · 6 AI score
Exploits 0 · References 2
ATTACKERKB
added 2023/09/19 9:15 a.m. · 3 views

CVE-2023-41387

A SQL injection in the flutterdownloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and...

9.1 CVSS · 7.6 AI score · 0.00542 EPSS
Exploits 1 · References 3
CNNVD
added 2023/09/19 12:0 a.m. · 2 views

Flutter Downloader SQL Injection Vulnerability

Flutter Downloader is a plugin for creating and managing download tasks. A security vulnerability exists in Flutter Downloader version 1.11.1 iOS, which stems from the fact that if the application uses the UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace attributes, the framework's...

9.1 CVSS · 6.6 AI score · 0.00542 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/09/19 12:0 a.m. · 3 views

PT-2023-27938 · Unknown · Flutter Downloader

Name of the Vulnerable Software and Affected Versions: flutter downloader versions 1.11.1 and earlier. Description: A SQL injection in the flutter downloader component allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of...

9.1 CVSS · 9.1 AI score · 0.00542 EPSS
Exploits 1 · References 7
The Hacker News
added 2023/06/29 1:40 p.m. · 38 views

Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes

Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse. The malware "represents a significant shift as it incorporates the malicious components directly within the Flutter code," Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report...

7 AI score
Exploits 0
The Hacker News
added 2023/06/29 1:40 p.m. · 3 views

Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes

Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse. The malware "represents a significant shift as it incorporates the malicious components directly within the Flutter code," Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report...

7 AI score
Exploits 0
OSV
added 2023/06/22 6:51 p.m. · 9 views

MAL-2023-450 Malicious code in flutter_appsflyer_sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 925db0740f51975e7310d7357f8e32c78cb9d96496fc52915d6eff365500204a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1