Lucene search
K

273 matches found

Cvelist
Cvelist
added 2026/06/09 5:6 p.m.31 views

CVE-2026-42969 Windows Push Notification Information Disclosure Vulnerability

...

5.5CVSS0.00388EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 5:6 p.m.7 views

CVE-2026-42969 Windows Push Notification Information Disclosure Vulnerability

...

5.5CVSS5.4AI score0.00388EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.10 views

Windows Push Notification Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...

5.5CVSS6AI score0.00404EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.13 views

Windows Push Notification Information Disclosure Vulnerability

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...

5.5CVSS5.4AI score0.00388EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.12 views

Windows Push Notification Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...

5.5CVSS6AI score0.00459EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.9 views

CVE-2026-8990

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS5.5AI score0.00207EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 2:16 p.m.17 views

CVE-2026-8990

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS0.00207EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 1:27 p.m.17 views

CVE-2026-8990 Authentication Bypass in Kidsview

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 1:27 p.m.28 views

CVE-2026-8990

The CVE-2026-8990 entry affects the Kidsview mobile application. A user with physical access can bypass the app’s authentication by interacting with push notifications, granting full access to the device owner’s account. Affected behavior is an authentication bypass via the notification channel, ...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/28 1:27 p.m.32 views

CVE-2026-8990 Authentication Bypass in Kidsview

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS0.00207EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 1:27 p.m.9 views

CVE-2026-8990

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/28 1:27 p.m.15 views

EUVD-2026-32901

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.18 views

PT-2026-44379

A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with application's push notification. This issue was fixed in version 4.4.3...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 5:21 a.m.38 views

CVE-2026-41872

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server...

9.1CVSS0.0016EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Kura Sushi Official App 信任管理问题漏洞

Kura Sushi Official App is a mobile reservation and membership service app for Kura Sushi restaurants across Japan. The app has vulnerabilities related to trust management, stemming from improper certificate verification. These vulnerabilities may allow for interception by intermediaries or the...

9.1CVSS7.1AI score0.0016EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/02/27 11:29 a.m.36 views

Inside a fake Google security check that becomes a browser RAT

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...

6.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/05 1:22 p.m.6 views

CVE-2026-0816

The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'deleteid' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

4.9CVSS5.8AI score0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/04 8:25 a.m.30 views

CVE-2026-0816 All push notification for WP <= 1.5.3 - Authenticated (Administrator+) SQL Injection via 'delete_id' Parameter

The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'deleteid' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

4.9CVSS0.00339EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/04 8:25 a.m.2 views

CVE-2026-0816 All push notification for WP <= 1.5.3 - Authenticated (Administrator+) SQL Injection via 'delete_id' Parameter

The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'deleteid' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

4.9CVSS5.8AI score0.00339EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/04 8:25 a.m.3 views

CVE-2026-0816

The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'deleteid' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

4.9CVSS5.8AI score0.00339EPSS
Exploits0References4
Rows per page
Query Builder