56 matches found
CVE-2023-54359
WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid'...
MAL-2026-2285 Malicious code in dial-app-version (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9efdd5b481d49a0d9ac535aedde75dbf5638bd85e7efe9c536d2938c57142799 The package dial-app-version was found to contain malicious code. Source: ossf-package-analysis...
atlaszz AI Photo Team Galleryit App path traversal vulnerability
The atlaszz AI Photo Team Galleryit App is an image delivery tool from atlaszz AI Photo Team, Inc. A path traversal vulnerability exists in atlaszz AI Photo Team Galleryit App version 1.3.8.2, which stems from a path traversal issue in the component gallery.photogallery.pictures.vault.album...
EUVD-2025-198859
Malicious code in @markvivanco/app-version-checker npm...
Malicious code in @markvivanco/app-version-checker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb3390637a7e3c1122d5f1f2417189358dec13936938bd997c1bf5949c1bb8dc The package @markvivanco/app-version-checker was found to contain malicious code. Source: ghsa-malware...
CVE-2025-63638
The CVE-2025-63638 entry corresponds to a Cross-Site Scripting (XSS) vulnerability in Sourcecodester AI-Powered To-Do List App v1.0. According to multiple sources (NVD, Red Hat, ENISA/EUVD, CVE/CVEList, CNNVD), the flaw affects the Task Title and the Description (Optional) fields when creating a ...
EUVD-2019-7564
Malware in sbrugna...
EUVD-2022-4421
Malicious code in bioql PyPI...
EUVD-2025-13277
Malicious code in bioql PyPI...
EUVD-2025-26237
Malicious code in bioql PyPI...
CVE-2025-50503
A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an attacker to bypass the OTP reset password mechanism. By manipulating the reset process, an unauthorized user may be able to reset the password and gain access to the account without needing to provide ...
CVE-2025-50862
The Lotus Cars Android app com.lotus.carsdomestic.intl 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure...
MAL-2025-6811 Malicious code in checkout-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3f3f3a1d0b011d00d475a42f290ecb00025114dbb878def81003f3cbd0ea26e7 The OpenSSF Package Analysis project identified 'checkout-app' @ 1.5.1 npm as malicious. It is considered malicious because: - The package...
CVE-2025-8745
CVE-2025-8745 affects Weee RICEPO App 6.17.77 on Android, specifically the com.ricepo.app component. The vulnerability arises from improper export of AndroidManifest.xml handling, enabling a local-attack impact (confidentiality impacted). Exploitation details are publicly disclosed; vendor was co...
RiderLike Fruit Crush-Brain App security vulnerability
RiderLike Fruit Crush-Brain App is a mobile game by RiderLike. A security vulnerability exists in RiderLike Fruit Crush-Brain App version 1.0, which originates from improper export of AndroidManifest.xml...
CVE-2022-24886
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0...
CVE-2025-32881
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...
CVE-2025-32889
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app...
CVE-2025-32888
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app...