32 matches found
CVE-2026-8879 CVE-2026-8879
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...
CVE-2025-65820
An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...
EUVD-2025-202626
An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...
CVE-2025-65820
An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...
CVE-2025-65820
An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...
CVE-2025-65820
Meatmeet Android Mobile Application 1.1.2.0 is affected by CVE-2025-65820. An exported activity can spawn a hidden page listing devices, including unreleased ones, enabling attackers to gain insight into unreleased Meatmeet devices. The CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H...
Meatmeet Pro App 安全漏洞
Meatmeet Pro App is a meat product purchasing application from Meatmeet, Inc. A security vulnerability exists in Meatmeet Pro App version 1.1.2.0, which stems from an export activity that could result in accessing a hidden page, potentially revealing unpublished device information...
PT-2025-50495
Name of the Vulnerable Software and Affected Versions Meatmeet Android Mobile Application version 1.1.2.0 Description An exported activity within the application can be initiated, revealing a hidden page. This page displays devices, including two that have not been publicly released. An attacker...
CVE-2025-65820
An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...
CVE-2025-65820
An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...
EUVD-2021-34740
Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite...
IBM Cognos Analytics Certified Containers 安全漏洞
IBM Cognos Analytics Certified Containers is a suite of business intelligence software from International Business Machines IBM. A security vulnerability exists in IBM Cognos Analytics Certified Containers version 12.1.0 that stems from the presence of a hidden page that could lead to the...
firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack...
Grocy 安全漏洞
Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A security vulnerability exists in Grocy version 4.3.0 and earlier, which stems from an attacker being able to obtain sensitive information by directly requesting a page that is not displayed in the user...
CVE-2024-33626
The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive information, such as the WiFi WPS PIN, through a hidden page accessible by an HTTP request. Disclosure of this information could enable attackers to connect to the...
PT-2024-25385 · Levelone · Levelone Wbr-6012
Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6012 router affected versions not specified Description: The issue concerns a vulnerability within the web application of the router, allowing unauthenticated disclosure of sensitive information. This includes the WiFi WPS PIN,...
LevelOne WBR-6012 信息泄露漏洞
The LevelOne WBR-6012 is a wireless router from LevelOne. An information disclosure vulnerability exists in the LevelOne WBR-6012, which originates from a hidden page accessed via an HTTP request that can disclose sensitive information without authentication...
PT-2024-23870 · Unknown · Changing Mobile One Time Password
Name of the Vulnerable Software and Affected Versions: CHANGING Mobile One Time Password affected versions not specified Description: The issue concerns a lack of proper file type filtering in the uploading function of a hidden page within CHANGING Mobile One Time Password. This allows remote...
CHANGING Mobile One Time Password Code Issue Vulnerability
CHANGING Mobile One Time Password is a password management application from the Chinese company CHANGING Mobile. It is used to set one-time passwords for authentication or transactions. A code issue vulnerability exists in CHANGING Mobile One Time Password, which stems from the upload function on...
CVE-2024-27202
A DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...