CVE-2018-14994

The Essential Phone Android device with a build fingerprint of essential/mata/mata:8.1.0/OPM1.180104.166/297:user/release-keys contains a pre-installed platform app with a package name of com.ts.android.hiddenmenu versionName=1.0, platformBuildVersionName=8.1.0 that contains an exported activity...

CVE-2025-61781

OpenCTI prior to 6.8.1 is affected by an authorization flaw in the GraphQL mutation WorkspacePopoverDeletionMutation, which allows an authenticated user to delete workspace objects (dashboards, investigation cases) belonging to other users. The API does not verify ownership, enabling unauthorized...

CVE-2025-41719

CVE-2025-41719 affects Sauter modu680-AS (web server component) where a low-privileged remote attacker can corrupt the web server’s user store by sending a sequence of unsupported characters. This leads to deletion of all previously configured users and the creation of a default Administrator wit...

EUVD-2018-6867

Malware in sbrugna...

EUVD-2018-18345

Malware in sbrugna...

EUVD-2018-6881

Malware in sbrugna...

EUVD-2018-6869

Malware in sbrugna...

EUVD-2018-2051

Malware in sbrugna...

PT-2025-23491 · Unknown · Ce Phoenix

Name of the Vulnerable Software and Affected Versions: CE Phoenix eCommerce platform versions 1.0.9.7 through 1.1.0.3 Description: The issue allows logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session...

CVE-2018-15003

The Coolpad Defiant Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys and the T-Mobile Revvl Plus Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildfnj02-206:user/release-keys Android devices contain a pre-installed platform app with a package name of...

CVE-2025-2876

CVE-2025-2876 affects MelaPress Login Security and MelaPress Login Security Premium for WordPress. Root cause: missing capability check in monitor_admin_actions in version 2.1.0, enabling unauthenticated users to delete any user. Impact from sources: data loss via unauthorized user deletion. Reme...

CVE-2018-15003

The Coolpad Defiant Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys and the T-Mobile Revvl Plus Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildfnj02-206:user/release-keys Android devices contain a pre-installed platform app with a package name of...

CVE-2018-14989

The Plum Compass Android device with a build fingerprint of PLUM/c179hwf221/c179hwf221:6.0/MRA58K/W16.51.5-22:user/release-keys contains a pre-installed platform app with a package name of com.android.settings versionCode=23, versionName=6.0-eng.root.20161223.224055 that contains an exported...

CVE-2018-14999

The Leagoo P1 device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.wtk.factory versionCode=1, versionName=1.0 that contains an exported broadcast receiver named...

Design/Logic Flaw

The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201N/m201N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android versionCode=19, versionName=4.4.2-20170213 that dynamically registers a broadcast receiver app component named...

CVE-2018-14985

The Leagoo Z5C Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.android.settings versionCode=23, versionName=6.0-android.20170630.092853 that contains an exported...

CVE-2018-1000874

PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting XSS vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in the lose of user data and sensitive user information. This attack can be exploited by crafting a...

CVE-2018-1000874

PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting XSS vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in the lose of user data and sensitive user information. This attack can be exploited by crafting a...

Stored Cross-Site Scripting Vulnerability in Tea Bugs App

The Tea Bug app is a and a mobile software specially created for those who love tea culture. Tea Bug app has a stored cross-site scripting vulnerability. Allows an attacker to insert malicious js code into a page to obtain user cookies and other information, leading to user hijacking...

Microsoft Visio Object Header Buffer Overflow (MS08-019; CVE-2008-1089)

Microsoft Visio is a diagramming application that is part of the Microsoft Office suite. Microsoft Office is a popular productivity application suite released by Microsoft Corporation. It includes a word processor, a spreadsheet application, a presentation editor, and a number of other applicatio...