299 matches found

CNNVD
added 2026/05/09 12:00 a.m. | 2 views

EZVIZ APP Security Vulnerability

EZVIZ APP is a mobile application developed by EZVIZ, a Chinese company, for remote monitoring and management of smart security devices. The EZVIZ APP has a security vulnerability, which stems from the use of outdated cloud function modules and legacy API interfaces. This vulnerability may allow...

CVSS 5.3 | AI score 5.8 | EPSS 0.00004
Exploits: 1 | References: 1

Positive Technologies
added 2026/04/27 12:00 a.m. | 0 views

PT-2026-35350

A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the function fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts of the component getCodeByLink Endpoint. The manipulation of the argument Link results in server-side request forgery. The attack may be...

CVSS 6.5 | AI score 6 | EPSS 0.00018
Exploits: 0 | References: 7

Positive Technologies
added 2026/04/03 12:00 a.m. | 2 views

PT-2026-29995

A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the component com.WahooFitness.SYSTM. Such manipulation of the argument SEGMENT WRITE KEY leads to use of hard-coded cryptograph...

CVSS 4.8 | AI score 5.6 | EPSS 0.00011
Exploits: 0 | References: 5

CVE
added 2026/03/31 9:53 a.m. | 3 views

CVE-2026-4317

CVE-2026-4317 describes an SQL injection in the Umami Software web application where an improperly sanitized timezone parameter is interpolated directly into SQL queries (potentially via prisma.rawQuery/prisma.$queryRawUnsafe or raw queries with ClickHouse). This authenticated-access vulnerabilit...

CVSS 9.3 | AI score 6.2 | EPSS 0.0002
Exploits: 0 | References: 1

CVE
added 2026/03/16 6:02 a.m. | 7 views

CVE-2026-4219

CVE-2026-4219 affects INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to version 1.0.2 on Android. The vulnerability concerns the file com/index/event/BuildConfig.java of the ae.index.apgcs component, where manipulating the arguments ACCESS_KEY and HASH_KEY can reveal hard-code...

CVSS 4.8 | AI score 5.3 | EPSS 0.00014
Exploits: 0 | References: 5

Packet Storm
added 2026/02/03 12:00 a.m. | 125 views

Casdoor 2.283.0 Cross Site Request Forgery

Casdoor version 2.283.0 suffers from a cross site request forgery vulnerability. Related CVE number: CVE-2023-34927. Exploit Title: Casdoor v2.283.0 2026-02-02 - Cross-Site Request Forgery CSRF Application: Casdoor Version: v2.283.0 Date: 03/02/2026 Exploit Author: Van Lam Nguyen Facebook:...

CVSS 6.5 | AI score 5 | EPSS 0.00404
Exploits: 10

RedhatCVE
added 2026/01/15 2:06 p.m. | 3 views

CVE-2025-14317

In the Crazy Bubble Tea mobile application, an authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. The server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...

CVSS 7.1 | AI score 6.4 | EPSS 0.00066
Exploits: 0 | References: 1

NVD
added 2026/01/14 2:16 p.m. | 1 views

CVE-2025-14317

In the Crazy Bubble Tea mobile application, an authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. The server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...

CVSS 7.1 | EPSS 0.00066
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 12:40 p.m. | 4 views

CVE-2023-43300

An issue in urbanproject mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

CVSS 8.2 | AI score 6.9 | EPSS 0.00272
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:08 p.m. | 3 views

CVE-2018-18071

An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as...

CVSS 7.5 | AI score 6.6 | EPSS 0.01456
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:32 a.m. | 6 views

CVE-2019-16909

An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14J8 for Jira. It is possible to obtain a list of all Jira projects with authentication as a Jira user, but without authorization for specific projects via the plugins/servlet/nfj/NotificationSettings URI...

CVSS 4.3 | AI score 7 | EPSS 0.00281
Exploits: 2 | References: 1

CNNVD
added 2025/12/18 12:00 a.m. | 1 views

Kentico Xperience Security Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

CVSS 5.1 | AI score 5.9 | EPSS 0.00022
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/17 12:09 p.m. | 4 views

CVE-2025-13474

Authorization Bypass Through User-Controlled Key vulnerability in Menulux Software Inc. Mobile App allows Exploitation of Trusted Identifiers. This issue affects Mobile App: before 9.5.8...

CVSS 7.5 | AI score 7 | EPSS 0.00043
Exploits: 0 | References: 1

Cvelist
added 2025/12/16 11:25 a.m. | 24 views

CVE-2025-13474 IDOR in Menulux Software's Mobile App

Authorization Bypass Through User-Controlled Key vulnerability in Menulux Software Inc. Mobile App allows Exploitation of Trusted Identifiers. This issue affects Mobile App: before 9.5.8...

CVSS 7.5 | EPSS 0.00043
Exploits: 0 | References: 1

CVE
added 2025/12/16 11:25 a.m. | 6 views

CVE-2025-13474

Summary of CVE-2025-13474 Affected product: Menulux Software Inc. Mobile App (versions before 9.5.8). Vulnerability: Authorization bypass through a user-controlled key that enables exploitation of trusted identifiers. Impact: The description indicates an authorization bypass affecting the mobile ...

CVSS 7.5 | AI score 6.6 | EPSS 0.00043
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/06 5:54 p.m. | 4 views

CVE-2025-34260

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...

CVSS 5.4 | AI score 5.4 | EPSS 0.00024
Exploits: 0 | References: 1

Nextcloud
added 2025/12/05 7:59 a.m. | 6 views

Deck app allows spoofing file extensions by using RTLO characters

None...

CVSS 5.5 | AI score 5.2 | EPSS 0.00012
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/12/04 12:00 a.m. | 2 views

PT-2025-49048

Name of the Vulnerable Software and Affected Versions: Synology BeeDrive for desktop versions prior to 1.4.3-13973. Description: A flaw exists in BeeDrive that allows local users to write arbitrary files containing non-sensitive information. The issue is due to an origin validation error...

CVSS 5.6 | AI score 5.6 | EPSS 0.00007
Exploits: 0 | References: 6

RedhatCVE
added 2025/11/07 5:32 p.m. | 1 views

CVE-2025-62074

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Amauri WPMobile.App wpappninja. This issue affects WPMobile.App: from n/a through = 11.71...

CVSS 7.1 | AI score 6.4 | EPSS 0.00031
Exploits: 0 | References: 1

CNNVD
added 2025/10/30 12:00 a.m. | 2 views

Glority Limited Mobile Scanner Android App Security Vulnerability

Glority Limited Mobile Scanner Android App is a mobile scanning application from Glority. A security vulnerability exists in Glority Limited Mobile Scanner Android App version 2.12.38, which stems from improper handling of cloud service credentials and could lead to disclosure of sensitive...

CVSS 7.5 | AI score 6.2 | EPSS 0.00048
Exploits: 0 | References: 2