259 matches found
Kura Sushi Official App 信任管理问题漏洞
Kura Sushi Official App is a mobile reservation and membership service app for Kura Sushi restaurants across Japan. The app has vulnerabilities related to trust management, stemming from improper certificate verification. These vulnerabilities may allow for interception by intermediaries or the...
Inside a fake Google security check that becomes a browser RAT
A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...
CVE-2026-0816
The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'deleteid' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2026-0816 All push notification for WP <= 1.5.3 - Authenticated (Administrator+) SQL Injection via 'delete_id' Parameter
The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'deleteid' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2026-0816
The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'deleteid' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2026-0816 All push notification for WP <= 1.5.3 - Authenticated (Administrator+) SQL Injection via 'delete_id' Parameter
The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'deleteid' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
PT-2026-6022
Name of the Vulnerable Software and Affected Versions All push notification for WP versions up to and including 1.5.3 Description The All push notification for WP plugin for WordPress is susceptible to time-based SQL Injection via the delete id parameter. This is due to inadequate escaping of...
CVE-2026-23964
Mastodon vendor: Mastodon server (ActivityPub). Vulnerability CVE-2026-23964 is an insecure direct object reference in the web push subscription update endpoint affecting versions < 4.5.5, < 4.4.12, and
CVE-2025-23771
Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push Notification for Post and BuddyPress: from n/a through = 2.11...
WordPress Push Notification for Post and BuddyPress plugin <= 2.07 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Push Notification for Post and BuddyPress versions = 2.07...
CVE-2025-59209
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally...
EUVD-2025-34291
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally...
CVE-2025-59211
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally...
CVE-2025-59209
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally...
CVE-2025-59209
CVE-2025-59209 is listed by NCSC as a vulnerability in Windows Push Notification Core that can lead to unauthorized disclosure of sensitive data locally. The advisory table assigns it a base impact of access to sensitive data (CVSS-like 5.5) with local attack vector. No specific patch/version rem...
CVE-2025-59209 Windows Push Notification Information Disclosure Vulnerability
...
CVE-2025-59209 Windows Push Notification Information Disclosure Vulnerability
...
CVE-2025-59211 Windows Push Notification Information Disclosure Vulnerability
...
CVE-2025-59211 Windows Push Notification Information Disclosure Vulnerability
...
CVE-2025-59211
CVE-2025-59211 concerns exposure of sensitive information to an unauthorized actor in Windows Push Notification Core, enabling an attacker with local access to disclose information. The initial entry identifies a local attack vector with a medium base score (CVSS 3.1: AV=L, AC=L, PR=L, UI=N, S=U,...