MediaWiki Security Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the Wikimedia USA Foundation. The product can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki - Feed Utils versions 1.39 through 1.43, which...
PT-2025-16136 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki Core - Feed Utils versions 1.39 through 1.43. Description: The issue is related to improper encoding or escaping of output, which allows WebView Injection. This is a problem where output is not properly encoded or escaped, potentiall...
MAL-2025-2043 Malicious code in jfrog-ide-webview (npm)
Source: ghsa-malware b5d6e0e1d12832d536ffbef3fcdf804ce0d82ff5bd24ff1117b3e988d14152b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-1609 OPPO Store APP has a WebView component privilege escalation vulnerability.
In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation...
CVE-2024-1609
CVE-2024-1609 affects the OPPOStore iOS App. The root cause is improper input validation that enables privilege escalation. Reported across multiple sources (NVD, Red Hat, CNNVD, CVE listings) with a CVSS v4.0 base score of 8.7 (HIGH): attack vector is NETWORK, privileges required NONE, user inte...
CVE-2024-41145
A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams work or school 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the...
CVE-2024-49419
Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview...
CVE-2024-49418
Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview...
CVE-2024-49419
CVE-2024-49419 relates to Samsung Gaming Hub where insufficient verification of URL authenticity in GamingHub allows remote attackers to cause the app’s WebView to load an arbitrary URL. Affected versions are GamingHub prior to 6.1.03.4 in Korea and prior to 7.1.02.4 globally. The issue stems fro...
CVE-2024-49418
Samsung Gaming Hub (GamingHub) is affected by CVE-2024-49418 due to insufficient verification of URL authenticity in the WebView. The issue affects GamingHub versions prior to 6.1.03.4 in Korea and prior to 7.1.02.4 globally, allowing remote attackers to enable JavaScript in the WebView. Accordin...
PT-2024-33528 · Gaminghub · Gaminghub
Name of the Vulnerable Software and Affected Versions: GamingHub versions prior to 6.1.03.4 in Korea; GamingHub versions prior to 7.1.02.4 in Global. Description: The issue is related to insufficient verification of URL authenticity, allowing remote attackers to enable JavaScript in the webview. Th...
PT-2024-33529 · Gaminghub · Gaminghub
Name of the Vulnerable Software and Affected Versions: GamingHub versions prior to 6.1.03.4 in Korea; GamingHub versions prior to 7.1.02.4 in Global. Description: The issue is related to insufficient verification of URL authenticity in GamingHub, allowing remote attackers to load an arbitrary URL i...
CVE-2024-31414
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts wh...
PT-2024-24056 · Eaton · Eaton Foreseer
Name of the Vulnerable Software and Affected Versions: Eaton Foreseer software, affected versions not specified. Description: The issue concerns the Eaton Foreseer software, which allows users to customize the dashboard in WebView pages. However, the input fields for this feature lack proper input...