CVE-2023-38265

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...

CVE-2023-38265

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...

CVE-2023-38265

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...

CVE-2025-36911

In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote proximal/adjacent information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2025-26830

Malicious code in bioql PyPI...

CVE-2025-32347

In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

Transsion Holdings Infinix Mobile devices 安全漏洞

Transsion Holdings Infinix Mobile devices are a range of mobile devices from Transsion Holdings, a Chinese company. A security vulnerability exists in the Transsion Holdings Infinix Mobile devices, which stems from the pre-installed com.rlk.weathers application exposing an unprotected content...

PT-2024-17855 · Infinix · Infinix Mobile

Name of the Vulnerable Software and Affected Versions: Infinix devices affected versions not specified Description: The issue concerns a pre-loaded application com.rlk.weathers that exposes an unsecured content provider, allowing an attacker to communicate with the provider and reveal the user's...

CVE-2024-54491

The issue was resolved by sanitizing logging This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location...

Apple macOS 安全漏洞

Apple macOS is a set of specialized operating systems developed for Mac computers by the American company Apple Apple. A security vulnerability exists in Apple macOS Sequoia versions prior to 15.2. An attacker exploiting the vulnerability could determine the user's current location...

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc.Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS before 18.1 and Apple iPadOS before 18.1. An attacker could exploit the vulnerabili...

CVE-2024-54491

The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location...

CVE-2024-54491

The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location...

PT-2025-3029 · Apple · Macos Sonoma +3

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.7.2 macOS Sequoia versions prior to 15.2 macOS Ventura versions prior to 13.7.2 Description: A privacy issue was addressed with improved private data redaction for log entries. This issue may allow an app to...

CVE-2024-43814 goTenna Pro ATAK Plugin Insertion of Sensitive Information Into Sent Data

The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information PLI updates every 60 seconds once the plugin is active and goTenna is connected. Users that are unaware of their settings and have not activated encryption before a mission may accidentally...

CVE-2023-48335 WordPress Hide login page plugin <= 1.1.9 - Secret Login Page Location Disclosure on Multisites vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide login page: from n/a through 1.1.9...

About the security content of iOS 17.5 and iPadOS 17.5

About the security content of iOS 17.5 and iPadOS 17.5 This document describes the security content of iOS 17.5 and iPadOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

Apple iOS 和 iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and iPadOS contain a security vulnerability. An attacker could exploit this vulnerability to determi...

Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560fB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Panel.SmokeLoader Vulnerability: Cross Site Request Forgery CSRF - Persistent XSS Family:...

The vulnerability in the accessibility components of iOS and iPadOS operating systems allows attackers to gain access to the user’s location.

The vulnerability of the Accessibility component in iOS and iPadOS operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to gain access to the user’s location...