230 matches found
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei, China. It is a full-scenario distributed operating system based on a microkernel. A race condition vulnerability exists in the Huawei HarmonyOS notification service, which can be exploited by attackers to cause availability to be...
Exploit for Server-Side Request Forgery in Useplunk Plunk
CVE-2026-32096 SSRF via unvalidated AWS SNS SubscriptionCon...
CVE-2026-32096 Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns
Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to an...
CVE-2024-26477
CVE-2024-26477 affects Statping-ng v0.91.0. An issue allows an attacker to obtain sensitive information through crafted requests to the api parameter of the oauth, amazon_sns, and export endpoints, leading to information disclosure. This vulnerability is documented across multiple sources (Red Ha...
GHSA-2VGV-HGV4-22MH Gitea improperly exposes issue and pull request titles
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
Gitea improperly exposes issue and pull request titles
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
CVE-2026-20800
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
CVE-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
pipesns (=0.1.5) potentially affected by unknown CVE via aws-sdk-sns (=0.4.1)
aws-sdk-sns CARGO version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on aws-sdk-sns and may be impacted:
- pipesns =0.1.5
Source cves: unknown CVE
Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
PT-2025-50802
Name of the Vulnerable Software and Affected Versions: ADM versions 4.1.0 through 4.3.3.RKD2; ADM versions 5.0.0 through 5.1.0.RN42
Description: An improperly validated TLS/SSL certificate when sending emails to an SMTP server via msmtp allows an attacker intercepting network traffic to execute a...
CVE-2025-48584
In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48576
In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
CVE-2025-48576
CVE-2025-48576 affects Android’s framework component NotificationManagerService.java, specifically the function updateNotificationChannelGroupFromPrivilegedListener. The issue is a possible permanent denial of service caused by resource exhaustion, leading to local DoS with no additional executio...
CVE-2025-59500
Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network...
EUVD-2025-35746
Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network...
CVE-2025-59500 Azure Notification Service Elevation of Privilege Vulnerability
...
CVE-2025-59500
CVE-2025-59500 is an elevation-of-privilege issue affecting the Azure Notification Service due to improper access control. The connected documents consistently describe privilege escalation over a network via this service. Affected component is Azure Notification Service; root cause is access-con...