475 matches found

RedhatCVE
added 2025/05/22 5:16 p.m. | 1 view

CVE-2020-0497

In canUseBiometric of BiometricServiceBase, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-158481661...

CVSS 5.5 | AI score 4.8 | EPSS 0.00126
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 5:16 p.m. | 3 views

CVE-2020-0453

In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9...

CVSS 5.5 | AI score 4.9 | EPSS 0.0025
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 6:3 a.m. | 4 views

CVE-2018-9384

In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

CVSS 4.4 | AI score 5.6 | EPSS 0.00103
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 5:26 a.m. | 4 views

CVE-2010-1967

Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data via unknown vectors...

CVSS 3.6 | AI score 6.5 | EPSS 0.00468
Exploits: 0 | References: 1
CNNVD
added 2025/05/22 12:0 a.m. | 3 views

Checkmk security vulnerability

Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk versions prior to 2.4.0p1, prior to 2.3.0p32, prior to 2.2.0p42, and 2.1.0p49 and earlier, which stems from improper permissions on the automated proxy update package and could lead to a local...

CVSS 5.5 | AI score 6.1 | EPSS 0.0012
Exploits: 0 | References: 2
CNNVD
added 2025/05/22 12:0 a.m. | 2 views

wire-webapp security vulnerability

wire-webapp is an open source application from Wire Swiss. A security vulnerability exists in wire-webapp versions prior to 2025-05-14-production.0, which stems from a failure of the local data deletion functionality, which may result in data being left behind...

CVSS 6 | AI score 6.3 | EPSS 0.00087
Exploits: 0 | References: 2
CNNVD
added 2025/05/07 12:0 a.m. | 3 views

SAMSUNG Flow security vulnerability

SAMSUNG Flow is a software product from the South Korean company Samsung. It is used to enable a seamless, secure, and connected experience on devices. A security vulnerability exists in SAMSUNG Flow versions prior to 4.9.17.6, which stems from improper input validation and could allow a...

CVSS 5.5 | AI score 6.2 | EPSS 0.0013
Exploits: 0 | References: 1
Positive Technologies
added 2025/05/07 12:0 a.m. | 5 views

PT-2025-20056 · Samsung · Samsung Flow

Name of the Vulnerable Software and Affected Versions: Samsung Flow versions prior to 4.9.17.6. Description: The issue is related to improper input validation, allowing local attackers to access data within Samsung Flow. Recommendations: For versions prior to 4.9.17.6, update to version 4.9.17.6 o...

CVSS 5.5 | AI score 6.2 | EPSS 0.0013
Exploits: 0 | References: 6
CNNVD
added 2025/05/06 12:0 a.m. | 3 views

UNISOC Chipsets security vulnerability

UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets, which stems from a lack of privilege checking and could lead to the disclosure of local information...

CVSS 6.2 | AI score 6.5 | EPSS 0.00158
Exploits: 0 | References: 1
CNNVD
added 2025/05/05 12:0 a.m. | 3 views

MediaTek Chipsets security vulnerability

MediaTek Chipsets is a series of chips from Chinese company MediaTek. A security vulnerability exists in MediaTek Chipsets, which stems from the lack of a SELinux policy and could lead to the disclosure of local information...

CVSS 5.5 | AI score 6.2 | EPSS 0.00089
Exploits: 0 | References: 2
CNNVD
added 2025/05/01 12:0 a.m. | 3 views

Elastic Agent and Elastic Security Endpoint security vulnerability

Elastic Agent and Elastic Security Endpoint are both products of the Dutch company Elastic. Elastic Agent is a single agent. Logs, metrics, traces, availability, security and other data can be collected from each host. Elastic Security Endpoint is an Endpoint Detection and Response (EDR) solution bui...

CVSS 7.1 | AI score 5.9 | EPSS 0.00153
Exploits: 0 | References: 1
Packet Storm News
added 2025/04/16 12:0 a.m. | 2 views

Local Data Quantity-Aware Weighted Averaging for Federated Learning with Dishonest Clients

Whitepaper called Local Data Quantity-Aware Weighted Averaging For Federated Learning With Dishonest Clients...

AI score 7
Exploits: 0
Snyk
added 2025/04/10 12:25 p.m. | 1 view

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via fields of RichText field type, in DOMDocumentFactory. A user with edit permission can read server files by injecting malicious XML content. Details: XXE Injection is a type of attack against an...

CVSS 7.1 | AI score 7.5
Exploits: 0 | References: 2
OSV
added 2025/04/08 6:16 p.m. | 2 views

CVE-2025-29808

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally...

CVSS 5.5 | AI score 7.2 | EPSS 0.00385
Exploits: 0 | References: 1
NVD
added 2025/04/08 5:15 a.m. | 4 views

CVE-2025-20938

Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts...

CVSS 5.5 | EPSS 0.00125
Exploits: 0 | References: 1
CNNVD
added 2025/04/07 12:0 a.m. | 2 views

MediaTek Chipsets security vulnerability

MediaTek Chipsets is a series of chips from China's MediaTek Corporation (MediaTek). A security vulnerability exists in MediaTek Chipsets, which stems from a lack of boundary checking and could lead to the disclosure of local information...

CVSS 5.3 | AI score 6.1 | EPSS 0.00082
Exploits: 0 | References: 2
Vulnrichment
added 2025/04/01 3:59 a.m. | 4 views

CVE-2025-0418 Valmet DNA user passwords in plain text

Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords...

CVSS 5.2 | AI score 7.1 | EPSS 0.00137
Exploits: 0 | References: 1
Packet Storm News
added 2025/04/01 12:0 a.m. | 1 view

Advanced XSS Exploitation - Capturing User Local Storage Data

In this paper, the author teaches advanced persistent cross-site scripting techniques that can be used to capture data from the client's local storage and send it to an external server. The paper focuses primarily on a pentesting perspective but also discusses mitigations. Written in Brazilia...

AI score 6.1
Exploits: 0
IBM Security Bulletins
added 2025/03/26 2:39 a.m. | 29 views

Security Bulletin: IBM Partner Engagement Manager is vulnerable to sensitive data exposure (CVE-2022-34354)

Summary: IBM Sterling Partner Engagement Manager has addressed a client HTML5 vulnerability that allows encrypted storage of client data to be stored locally which can be read by another user on the system. Vulnerability Details: CVEID: CVE-2022-34354. DESCRIPTION: IBM Sterling Partner Engagement...

CVSS 4 | AI score 3.6 | EPSS 0.00191
Exploits: 0 | Affected Software: 1
Snyk
added 2025/03/20 12:32 p.m. | 2 views

External Control of File Name or Path

Overview: agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to External Control of File Name or Path through the /read-examples endpoint. An attacker can read any local JSON file, containing API keys, by sending a crafted POST...

CVSS 8.7 | AI score 6.5 | EPSS 0.01211
Exploits: 1 | References: 2