333 matches found
EUVD-2026-23388
Red Magic 11 Pro NX809J contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific...
CVE-2026-40002 ZTE Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations.
Red Magic 11 Pro NX809J contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific...
CVE-2026-40002
CVE-2026-40002 affects ZTE Red Magic 11 Pro (NX809J). The issue arises from lack of validation when apps access a service interface, allowing non-privileged apps to trigger sensitive operations. Exploitation could enable writing files to specific partitions and altering writable system properties...
PT-2026-33421
Red Magic 11 Pro NX809J contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific...
CVE-2021-0680
In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID:...
CVE-2025-34156
Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...
Expression Language Injection
Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection. The vulnerability is due to unsafe SpEL evaluation in routes due to the actuator gateway endpoint being exposed and accessible to untrusted users; attackers can create routes that use SpEL to read environment...
io.minio/minio: minio-java Client XML Tag is Vulnerable to Value Substitution
In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including credentials,...
EUVD-2025-35704
Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...
CVE-2025-34156
Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...
CVE-2025-34156 Tibbo AggreGate Network Manager < 6.40.05 System Information Exposure
Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...
CVE-2025-34156 Tibbo AggreGate Network Manager < 6.40.05 System Information Exposure
Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...
GHSA-FWXX-WV44-7QFG Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...
Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...
CVE-2025-41253 Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...
Spring Cloud Gateway Server Webflux 安全漏洞
Spring Cloud Gateway Server Webflux is a Spring open source gateway server. A security vulnerability exists in Spring Cloud Gateway Server Webflux that stems from the Spring Expression Language that may expose environment variables and system properties, potentially leading to information...
io.minio/minio: minio-java Client XML Tag is Vulnerable to Value Substitution
In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including credentials,...
XML Injection
io.minio:minio is vulnerable to XML Injection. The vulnerability is due to automatic substitution of XML tag values containing system property or environment variable references during processing, which allows an attacker to craft malicious XML input that exposes sensitive information such as...
EUVD-2018-6884
Malware in sbrugna...
EUVD-2010-4440
Malware in sbrugna...