7 matches found
EUVD-2023-44261
Malicious code in bioql PyPI...
CVE-2023-4617
CVE-2023-4617 describes an incorrect authorization vulnerability in the Govee Home application (Android and iOS) that is exploitable via the HTTP POST method. A remote attacker can manipulate the request fields—device , sku , and type —to gain control of devices owned by other users. Affected ver...
CVE-2023-3612
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...
CVE-2023-3612
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...
CVE-2023-3612 Unprotected WebView access in Govee Home App
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...
CVE-2023-3612 Unprotected WebView access in Govee Home App
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...
PT-2023-25434 · Govee · Govee Home
Name of the Vulnerable Software and Affected Versions: Govee Home app affected versions not specified Description: The Govee Home app has unprotected access to the WebView component, which can be opened by any app on the device. By sending a URL to a specially crafted site, an attacker can execut...