23 matches found
CVE-2026-13514
A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...
CVE-2026-28673 xiaoheiFS Vulnerable to RCE via Unrestricted Plugin Installation (Manifest Manipulation)
xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the standard plugin system allows admins to upload a ZIP file containing a binary and a manifest.json. The server trusts the binaries field in the manifest and execute...
GHSA-R492-HJGH-C9GW Vitess users with backup storage access can write to arbitrary file paths on restore
Impact Anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is ...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the fullPath function in the builtinbackupengine.go file. An attacker can write files to arbitrary locations on the file system by manipulating backup manifest files if they have read/write access to the backup...
CVE-2026-27969
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also...
CVE-2026-27969 Vitess users with backup storage access can write to arbitrary file paths on restore
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also...
Malicious code in fadhil-gandul44-riris (npm)
Source: amazon-inspector 9620d614f64d75554a9dd389b87b54c510794caae875822a8236bd2929bb1b5f. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-27409
Malicious code in bioql PyPI...
EUVD-2025-25110
Malicious code in bioql PyPI...
CVE-2025-9675
A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android application components. It is possible to launch t...
CVE-2025-9676
A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack...
CVE-2025-9671
A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application components. The attack needs to be launched...
PT-2025-35308
Name of the Vulnerable Software and Affected Versions: UAB Paytend App versions up to 2.1.9. Description: A weakness exists in UAB Paytend App that can lead to improper export of Android application components. The issue impacts an unknown function of the AndroidManifest.xml file within the...
PT-2025-33720
Name of the Vulnerable Software and Affected Versions: Verkehrsauskunft Österreich SmartRide versions up to 12.1.1258; cleVVVer versions up to 12.1.1258; BusBahnBim versions up to 12.1.1258. Description: A vulnerability exists related to the improper export of Android application components due to...
SUSE CVE-2025-1975
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can...
CVE-2024-3128
CVE-2024-3128 affects Replify-Messenger 1.0 on Android, due to an issue in the Backup File Handler’s processing of androidmanifest.xml that can expose backup files to an unauthorized control sphere. The vulnerability enables attack on the physical device; the exploit has been disclosed publicly. ...
CVE-2024-2364
A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch...
Computing at the Edge
Welcome to the Akamai October 2020 Update - a week of product updates, new features, and innovations. We'll be highlighting a different area of our portfolio each day this week. In today's post, we look at our enhanced edge computing capabilities and how they help developers more effectively and...
Ensuring Business Continuity During Peak Times: 6 Recommendations to Optimize Streaming and Download Bandwidth Usage
A sudden and dramatic surge in internet traffic, much of which is driven by video streaming and game and software download events, is testing network infrastructures with unprecedented volume. The 30% increase in global traffic Akamai delivered from the edge during the past month, compared to the...
UBUNTU-CVE-2014-8179
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...