
36088 matches found

RedhatCVE
added 2025/05/22 8:57 a.m., 5 views

CVE-2019-9407

In notification management of the service manager, there is a possible permissions bypass. This could lead to local escalation of privilege by preventing user notification, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:...

CVSS 7.8, AI score 7.1, EPSS 0.00158
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 8:54 a.m., 5 views

CVE-2019-8711

A logic issue existed with the display of notification previews. This issue was addressed with improved validation. This issue is fixed in iOS 13. Notification previews may show on Bluetooth accessories even when previews are disabled...

CVSS 5.3, AI score 5.7, EPSS 0.01054
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 8:32 a.m., 4 views

CVE-2019-2216

In overlay notifications, there is a possible hidden notification due to improper input validation. This could lead to a local escalation of privilege because the user is not notified of an overlaying app, with User execution privileges needed. User interaction is needed for exploitation. Product:...

CVSS 7.3, AI score 7.1, EPSS 0.00167
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 8:27 a.m., 5 views

CVE-2019-18981

Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification...

CVSS 9.8, AI score 6.9, EPSS 0.01392
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 8:26 a.m., 5 views

CVE-2019-13031

LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule...

CVSS 8.1, AI score 6.8, EPSS 0.01934
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 7:9 a.m., 4 views

CVE-2018-21048

An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Notification leak on a locked device in Standalone Dex mode. The Samsung ID is SVE-2018-12925 (November 2018)...

CVSS 6.2, AI score 7, EPSS 0.00142
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 6:50 a.m., 8 views

CVE-2019-10459

Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

CVSS 6.5, AI score 6.5, EPSS 0.00927
Exploits: 0, References: 1

OSV
added 2025/05/22 6:0 a.m., 2 views

BELL-CVE-2025-37940

Bulletin has no description...

CVSS 5.5, AI score 8.5, EPSS 0.00127
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 4:12 a.m., 20 views

CVE-2019-1003044

A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 7.1, AI score 6.5, EPSS 0.01133
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 1:20 a.m., 6 views

CVE-2010-4760

Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket...

CVSS 3.5, AI score 6.1, EPSS 0.01172
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 12:57 a.m., 7 views

CVE-2016-11027

An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 (December 2016)...

CVSS 2.4, AI score 6.9, EPSS 0.0014
Exploits: 0, References: 1

Oracle linux
added 2025/05/22 12:0 a.m., 31 views

nodejs:22 security update

nodejs 1:22.15.0-1 - Update to 22.15.0 - Drop upstream patches Resolves: RHEL-87319 RHEL-86586 1:22.13.1-4 - Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87319 1:22.13.1-3 - Update c-ares to newest version with fix for CVE-2025-31498 Resolves: RHEL-86586 1:22.13.1-2 - Remove obsolete lua...

CVSS 8.3, AI score 7.1, EPSS 0.01282
Exploits: 0

CNNVD
added 2025/05/22 12:0 a.m., 1 views

TP-LINK Tapo security vulnerability

TP-LINK Tapo is a series of secure WiFi cameras from China P&L TP-LINK. A security vulnerability exists in TP-LINK Tapo versions prior to 3.10.513, which stems from a low battery notification that could lead to a user of a shared device gaining full power settings access...

CVSS 4.8, AI score 6.4, EPSS 0.00127
Exploits: 0, References: 2

Tenable Nessus
added 2025/05/22 12:0 a.m., 6 views

MCP Server Detected

This is an informational notice that the scanner was able to detect a Model Context Protocol (MCP) HTTP server using SSE or Streamable-HTTP transport mode on the target server. No source data...

AI score 7.2
Exploits: 0, References: 1

Circl
added 2025/05/21 1:45 a.m., 4 views

RHSA-2024:4724

creationtimestamp | type | source
---|---|---
2025-05-21 01:45:15+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/17098...

AI score 4.8
Exploits: 0, References: 1

SUSE CVE
added 2025/05/21 12:46 a.m., 2 views

SUSE CVE-2025-37953

In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_deactivate idempotent. Alan reported a NULL pointer dereference in htb_next_rb_node after we made htb_qlen_notify idempotent. It turns out in the following case it introduced some regression: htb_dequeue_tree: |-...

CVSS 5.5, AI score 6.4, EPSS 0.00152
Exploits: 0, References: 25

OSV
added 2025/05/20 4:15 p.m., 0 views

UBUNTU-CVE-2025-37932

In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify idempotent. htb_qlen_notify always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly to its callers, like...

CVSS 5.5, AI score 6.1, EPSS 0.00174
Exploits: 0, References: 43

OSV
added 2025/05/19 4:25 p.m., 2 views

GHSA-MJ2C-8HXF-FFVQ Cocotais Bot has builtin .echo command injection

Summary A command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized user can use the /echo command to cause the bot to send a message that mentions all members in the chat, bypassing any...

CVSS 6.5, AI score 7, EPSS 0.00346
Exploits: 0, References: 4

Github Security Blog
added 2025/05/19 4:25 p.m., 9 views

Cocotais Bot has builtin .echo command injection

Summary A command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized user can use the /echo command to cause the bot to send a message that mentions all members in the chat, bypassing any...

CVSS 7.2, AI score 6.8, EPSS 0.00346
Exploits: 0, References: 4, Affected Software: 1

RedhatCVE
added 2025/05/18 4:3 p.m., 11 views

CVE-2025-48127

Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app push-notification-mobile-and-web-app allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push notification for Mobile and Web app: from n/a through <= 2.0.3...

CVSS 6.5, AI score 7.2, EPSS 0.00214
Exploits: 0, References: 1