
23 matches found

NVD
added 6 days ago · 9 views

CVE-2026-13514

A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...

CVSS 2.4 · EPSS 0.00133
Exploits: 0 · References: 6

Vulnrichment
added 2026/03/18 12:41 a.m. · 6 views

CVE-2026-28673 xiaoheiFS Vulnerable to RCE via Unrestricted Plugin Installation (Manifest Manipulation)

xiaoheiFS is a self-hosted financial and operational system for cloud service businesses. In versions up to and including 0.3.15, the standard plugin system allows admins to upload a ZIP file containing a binary and a manifest.json. The server trusts the binaries field in the manifest and execute...

CVSS 7.2 · AI score 5.9 · EPSS 0.0059
Exploits: 1 · References: 1

OSV
added 2026/02/27 4:03 p.m. · 3 views

GHSA-R492-HJGH-C9GW Vitess users with backup storage access can write to arbitrary file paths on restore

Impact: Anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is ...

CVSS 9.3 · AI score 6.1 · EPSS 0.00402
Exploits: 0 · References: 6

Snyk
added 2026/02/26 6:18 a.m. · 7 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the fullPath function in the builtinbackupengine.go file. An attacker can write files to arbitrary locations on the file system by manipulating backup manifest files if they have read/write access to the backup...

CVSS 9.3 · AI score 7.7 · EPSS 0.00402
Exploits: 0 · References: 2

NVD
added 2026/02/26 2:16 a.m. · 9 views

CVE-2026-27969

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also...

CVSS 9.3 · EPSS 0.00402
Exploits: 0 · References: 3

OSV
added 2026/02/26 1:52 a.m. · 2 views

CVE-2026-27969 Vitess users with backup storage access can write to arbitrary file paths on restore

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also...

CVSS 9.3 · AI score 6.1 · EPSS 0.00402
Exploits: 0 · References: 5

OSSF Malicious Packages
added 2025/11/11 8:46 p.m. · 2 views

Malicious code in fadhil-gandul44-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9620d614f64d75554a9dd389b87b54c510794caae875822a8236bd2929bb1b5f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-27409

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.6 · EPSS 0.00122
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:07 p.m. · 6 views

EUVD-2025-25110

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.6 · EPSS 0.00155
Exploits: 0 · References: 5

NVD
added 2025/08/29 9:15 p.m. · 3 views

CVE-2025-9675

A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android application components. It is possible to launch t...

CVSS 5.5 · EPSS 0.00246
Exploits: 1 · References: 5

OSV
added 2025/08/29 9:15 p.m. · 3 views

CVE-2025-9676

A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack...

CVSS 5.5 · AI score 5.6 · EPSS 0.0025
Exploits: 1 · References: 5

NVD
added 2025/08/29 8:15 p.m. · 5 views

CVE-2025-9671

A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application components. The attack needs to be launched...

CVSS 5.3 · EPSS 0.00122
Exploits: 0 · References: 5

Positive Technologies
added 2025/08/29 12:00 a.m. · 7 views

PT-2025-35308

Name of the Vulnerable Software and Affected Versions: UAB Paytend App versions up to 2.1.9. Description: A weakness exists in UAB Paytend App that can lead to improper export of Android application components. The issue impacts an unknown function of the AndroidManifest.xml file within the...

CVSS 5.3 · AI score 5 · EPSS 0.00122
Exploits: 0 · References: 8

Positive Technologies
added 2025/08/19 12:00 a.m. · 12 views

PT-2025-33720 · Unknown +1 · Busbahnbim +2

Name of the Vulnerable Software and Affected Versions: Verkehrsauskunft Österreich SmartRide versions up to 12.1.1258; cleVVVer versions up to 12.1.1258; BusBahnBim versions up to 12.1.1258. Description: A vulnerability exists related to the improper export of Android application components due to...

CVSS 5.3 · AI score 5.1 · EPSS 0.00257
Exploits: 1 · References: 11

SUSE CVE
added 2025/05/17 3:02 a.m. · 2 views

SUSE CVE-2025-1975

A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can...

CVSS 7.5 · AI score 6.8 · EPSS 0.00426
Exploits: 1 · References: 4

CVE
added 2024/04/01 2:31 p.m. · 43 views

CVE-2024-3128

CVE-2024-3128 affects Replify-Messenger 1.0 on Android, due to an issue in the Backup File Handler’s processing of androidmanifest.xml that can expose backup files to an unauthorized control sphere. The vulnerability enables attack on the physical device; the exploit has been disclosed publicly. ...

CVSS 2.4 · AI score 3.6 · EPSS 0.00267
Exploits: 0 · References: 4

OSV
added 2024/03/10 11:15 p.m. · 4 views

CVE-2024-2364

A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch...

CVSS 4.6 · AI score 4.7 · EPSS 0.00333
Exploits: 1 · References: 3

Akamai Blog
added 2020/10/11 10:00 p.m. · 49 views

Computing at the Edge

Welcome to the Akamai October 2020 Update - a week of product updates, new features, and innovations. We'll be highlighting a different area of our portfolio each day this week. In today's post, we look at our enhanced edge computing capabilities and how they help developers more effectively and...

Exploits: 0

Akamai Blog
added 2020/04/20 1:00 p.m. · 72 views

Ensuring Business Continuity During Peak Times: 6 Recommendations to Optimize Streaming and Download Bandwidth Usage

A sudden and dramatic surge in internet traffic, much of which is driven by video streaming and game and software download events, is testing network infrastructures with unprecedented volume. The 30% increase in global traffic Akamai delivered from the edge during the past month, compared to the...

AI score 6.8
Exploits: 0

OSV
added 2019/12/17 6:15 p.m. · 3 views

UBUNTU-CVE-2014-8179

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...

CVSS 7.5 · AI score 7.1 · EPSS 0.02733
Exploits: 0 · References: 2