Lucene search
+L

72 matches found

Positive Technologies
Positive Technologies
added 2024/12/11 12:0 a.m.4 views

PT-2024-36357 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.2 Description: A malicious application may be able to determine a user's current location. The issue was resolved by sanitizing logging. Recommendations: For versions prior to 15.2, update to macOS Sequoia 15.2 to...

5.5CVSS6.5AI score0.00228EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/05/13 11:0 p.m.34 views

CVE-2024-27839

A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location...

4.9AI score0.00208EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/13 11:0 p.m.16 views

CVE-2024-27839

A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location...

5.5AI score0.00208EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/01/22 7:2 a.m.37 views

FTC Bans InMarket for Selling Precise User Location Without Consent

The U.S. Federal Trade Commission FTC is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data. The settlement is part of allegations that the Texas-based company did not inform or seek consent from consumers before using their...

7AI score
Exploits0
OSV
OSV
added 2023/10/18 1:15 p.m.3 views

CVE-2023-31217

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in MyTechTalky User Location and IP plugin = 1.6 versions...

5.4CVSS7.3AI score0.0031EPSS
Exploits0References1
NVD
NVD
added 2023/10/18 1:15 p.m.26 views

CVE-2023-31217

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in MyTechTalky User Location and IP plugin = 1.6 versions...

6.5CVSS5.9AI score0.0031EPSS
Exploits0References1
Prion
Prion
added 2023/10/18 1:15 p.m.18 views

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in MyTechTalky User Location and IP plugin = 1.6 versions...

4.9CVSS5.2AI score0.0031EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/18 12:47 p.m.11 views

CVE-2023-31217 WordPress User Location and IP Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in MyTechTalky User Location and IP plugin = 1.6 versions...

6.5CVSS5.6AI score0.0031EPSS
Exploits0References1
CVE
CVE
added 2023/10/18 12:47 p.m.58 views

CVE-2023-31217

CVE-2023-31217 is a stored XSS vulnerability in the WordPress plugin MyTechTalky User Location and IP . Affected versions are reported as 1.6 and earlier (some sources indicate up to 1.7). The issue arises from input handling in the plugin’s user-location/IP feature, enabling stored cross-site sc...

6.5CVSS5.5AI score0.0031EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/10/18 12:0 a.m.5 views

WordPress Plugin User Location and IP Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5CVSS5.9AI score0.0031EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/10/03 12:0 a.m.17 views

WordPress User Location and IP Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)

Software User Location and IP Type Plugin Vulnerable versions = 1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-31217 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8aceab066d00 Credits deokhunKim Required...

6.5CVSS5.7AI score0.0031EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/09/06 9:15 p.m.19 views

CVE-2023-38605

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location...

3.3CVSS2.9AI score0.00195EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/07/26 11:55 p.m.14 views

CVE-2023-36862

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location...

6AI score0.00206EPSS
Exploits0References1
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/06/12 5:13 a.m.11 views

WhosHere Plus. Trilateration vulnerability

WhosHere Plus is a dating app that uses GPS data to recommend users near to each other, based on similar interests. PTP constantly researches the state of privacy and security in apps that use GPS data, because the consequences of poor security and privacy are alarming: Tracking and snooping on a...

6.4AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.7 views

SUSE CVE-2009-4629

Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APPTYPEMAIL or APPTYPEEDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as...

5CVSS6.8AI score0.00934EPSS
Exploits0References3
OSV
OSV
added 2022/02/24 12:0 a.m.18 views

GHSA-J8CX-J9J2-F29W Insecure Storage of Sensitive Information in Microweber

Microweber prior to version 1.3 does not strip images of EXIF data, exposing information about users' locations, device hardware, and device software...

9.1CVSS6.2AI score0.01348EPSS
Exploits1References4
HackRead
HackRead
added 2021/01/21 5:26 p.m.48 views

Shazam Vulnerability exposed location of Android, iOS users

By Sudais Asif The vulnerability in Shazam was identified in 2019 but the details of it were only revealed last week. Cant find out whats the name of that song on television? You know wholl help - Shazam. Recently though, a vulnerability found in the popular app which could allow a malicious acto...

1.5AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/16 2:0 p.m.37 views

New 5G Network Flaws Let Attackers Track Users' Locations and Steal Data

As 5G networks are being gradually rolled out in major cities across the world, an analysis of its network architecture has revealed a number of potential weaknesses that could be exploited to carry out a slew of cyber assaults, including denial-of-service DoS attacks to deprive subscribers of...

0.4AI score
Exploits0
ThreatPost
ThreatPost
added 2020/10/13 4:36 p.m.43 views

Authentication Bug Opens Android Smart-TV Box to Data Theft

A critical bug in the Hindotech HK1 TV Box would allow root-privilege escalation thanks to improper access control. A successful exploit would allow attackers to steal social-networking account tokens, Wi-Fi passwords, cookies, saved passwords, user-location data, message history, emails, contact...

0.26869EPSS
Exploits0References10
HackRead
HackRead
added 2020/08/19 1:52 p.m.35 views

US Secret Service used ‘Locate X’ to track user location without warrant

By Zara Khan Locate X collects location data from smartphone apps. This is a post from HackRead.com Read the original post: US Secret Service used Locate X to track user location without warrant...

1AI score
Exploits0
Rows per page
Query Builder