34 matches found
CVE-2026-10510
Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted webactiondata URL parameter...
CVE-2026-10510
Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted webactiondata URL parameter...
CVE-2026-10510 GeniexWebView XSS in com.transsion.aiassistantlifestyle
Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted webactiondata URL parameter...
CVE-2026-10510 GeniexWebView XSS in com.transsion.aiassistantlifestyle
Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted webactiondata URL parameter...
CVE-2026-10510
CVE-2026-10510 describes a Cross-Site Scripting (XSS) vulnerability in the GeniexWebView component of the Transsion AI Assistant Lifestyle app (package: com.transsion.aiassistantlifestyle) on Android. All versions appear affected. The underlying issue allows a remote attacker to execute arbitrary...
EUVD-2026-33874
Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted webactiondata URL parameter...
PT-2026-45682
Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted web action data URL parameter...
Transsion AI Assistant Lifestyle 安全漏洞
Transsion AI Assistant Lifestyle is a mobile AI assistant application developed by Transsion Corporation. It integrates intelligent question answering, content generation, lifestyle service recommendations, and personal assistant functions. There is a security vulnerability in Transsion AI...
EUVD-2026-5691
A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/phpaction/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-65363
Authenticated append-style command-injection Ruijie APs APRGOS 11.1.x allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the webaction.do endpoint...
CVE-2025-65363
Authenticated append-style command-injection Ruijie APs APRGOS 11.1.x allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the webaction.do endpoint...
CVE-2025-65363
Authenticated append-style command-injection Ruijie APs APRGOS 11.1.x allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the webaction.do endpoint...
CVE-2025-65363
Authenticated append-style command-injection Ruijie APs APRGOS 11.1.x allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the webaction.do endpoint...
PT-2025-49570
Name of the Vulnerable Software and Affected Versions Ruijie APs versions 11.1.x Description An authenticated user with web access can inject shell commands on Ruijie APs. This allows execution of appended shell expressions as root through the command parameter in the ''web action.do'' endpoint...
CVE-2025-65363
Authenticated append-style command-injection Ruijie APs APRGOS 11.1.x allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the webaction.do endpoint...
CVE-2025-65363
CVE-2025-65363 affects Ruijie AP_RGOS 11.1.x. An authenticated web user can inject appended shell expressions via the command parameter to the web_action.do endpoint, executing as root and enabling file disclosure, device disruption, and potential network pivoting. Reports across multiple sources...
EUVD-2025-201720
Authenticated append-style command-injection Ruijie APs APRGOS 11.1.x allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the webaction.do endpoint...
EUVD-2010-4993
Malware in sbrugna...
CVE-2020-36827
The XAO::Web module before 1.84 for Perl mishandles characters in JSON output during use of json-embed in Web::Action...
CVE-2020-36827
The XAO::Web module before 1.84 for Perl mishandles characters in JSON output during use of json-embed in Web::Action...