Lucene search
+L

740 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:39 a.m.7 views

CVE-2024-31215

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s...

6.3CVSS6.5AI score0.0051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:15 a.m.8 views

CVE-2023-41050

AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use...

7.7CVSS7AI score0.00519EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:59 a.m.9 views

CVE-2023-42261

Mobile Security Framework MobSF =v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...

7.5CVSS7AI score0.00691EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:15 a.m.10 views

CVE-2022-41547

Mobile Security Framework MobSF v0.9.2 and below was discovered to contain a local file inclusion LFI vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request...

7.5CVSS7AI score0.012EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:25 p.m.9 views

CVE-2020-14552

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Security Framework. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromis...

6.8CVSS6.5AI score0.01134EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:43 a.m.8 views

CVE-2017-18588

An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates...

5.3CVSS6.8AI score0.00654EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/21 12:0 a.m.6 views

Securing RAG: a Risk Assessment and Mitigation Framework

Retrieval Augmented Generation RAG has emerged as the de facto industry standard for user-facing NLP applications, offering the ability to integrate data without re-training or fine-tuning Large Language Models LLMs. This capability enhances the quality and accuracy of responses but also introduc...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/07 6:25 p.m.12 views

CVE-2025-46335

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...

8.6CVSS5.5AI score0.00251EPSS
Exploits1References1
Snyk
Snyk
added 2025/05/05 7:32 p.m.3 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Improper...

6.8CVSS7AI score0.00411EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/05/05 7:32 p.m.10 views

CVE-2025-46730 Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack

MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external...

6.8CVSS6.7AI score0.00411EPSS
Exploits1References2
NVD
NVD
added 2025/05/05 7:15 p.m.19 views

CVE-2025-46335

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...

8.6CVSS0.00251EPSS
Exploits1References2
CVE
CVE
added 2025/05/05 6:23 p.m.105 views

CVE-2025-46335

The CVE-2025-46335 entry concerns Mobile Security Framework (MobSF) and describes a Stored Cross-Site Scripting (XSS) vulnerability in MobSF versions up to 4.3.2, arising from improper sanitization of user-supplied SVG files during the Android APK analysis workflow. Affected component: MobSF Andr...

8.6CVSS5.3AI score0.00251EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/05 6:23 p.m.6 views

CVE-2025-46335 Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...

8.6CVSS5.3AI score0.00251EPSS
Exploits1References2
OSV
OSV
added 2025/05/05 6:23 p.m.8 views

CVE-2025-46335 Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...

8.6CVSS4.8AI score0.00251EPSS
Exploits1References4
Snyk
Snyk
added 2025/05/05 2:55 p.m.2 views

Cross-site Scripting (XSS)

Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Cross-site...

8.6CVSS5.4AI score0.00251EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.6 views

Mobile Security Framework(MobSF) 跨站脚本漏洞

Mobile Security Framework MobSF is Mobile Security Framework open source an automated all-in-one mobile application . Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A cross-site scripting vulnerability exists ...

8.6CVSS5.6AI score0.00251EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.4 views

Mobile Security Framework 安全漏洞

Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...

6.8CVSS6.3AI score0.00411EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.13 views

PT-2025-19768

Name of the Vulnerable Software and Affected Versions Mobile Security Framework MobSF versions up to and including 4.3.2 Description A Stored Cross-Site Scripting XSS issue has been identified in MobSF. The issue arises from improper sanitization of user-supplied SVG files during the Android APK...

8.6CVSS6.1AI score0.00251EPSS
Exploits1References18
Packet Storm News
Packet Storm News
added 2025/04/21 12:0 a.m.8 views

A Security Framework for General Blockchain Layer 2 Protocols

Layer 2 L2 solutions are the cornerstone of blockchain scalability, enabling high-throughput and low-cost interactions by shifting execution off-chain while maintaining security through interactions with the underlying ledger. Despite their common goals, the principal L2 paradigms -- payment...

7AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2025/04/10 3:16 p.m.15 views

Meeting NIST API Security Guidelines with Wallarm

On March 25, 2025, NIST released the initial public draft of NIST SP 800-228, "Guidelines for API Protection for Cloud-Native Systems." The document provides a comprehensive framework for securing APIs in cloud-enabled environments. However, for organizations looking to align with these objective...

7.6AI score
Exploits0
Rows per page
Query Builder