78 matches found
PT-2025-29957 · Google +1 · Android +1
Name of the Vulnerable Software and Affected Versions: Motorola Smart Connect Android Application version 1.0 Description: A vulnerability exists in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application. This could allow a nearby attacke...
PT-2025-29907 · Blubird · Bluebird Barcode Scanner
Name of the Vulnerable Software and Affected Versions: Bluebird barcode scanner application versions prior to 1.3.3 Description: The barcode scanner application on Bluebird devices exposes an unsecured broadcast receiver, kr.co.bluebird.android.bbsettings.BootReceiver. A local attacker can exploi...
JVN#17860456: UpdateNavi vulnerable to improper restriction of communication channel to intended endpoints
UpdateNavi provided by Fujitsu Client Computing Limited contains the following vulnerability. Improper restriction of communication channel to intended endpoints CWE-923 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Bas...
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their...
CVE-2025-23091
An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle MitM attack during application update...
CVE-2023-25163
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error...
CVE-2019-13466
Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available...
CVE-2025-27654
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting XSS V-2023-017...
Microsoft PC Manager Elevation of Privilege (February 2024)
The Windows 'Microsoft PC Manager' app installed on the remote host is affected by an elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported versi...
CVE-2025-23091
An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle MitM attack during application update...
CVE-2025-23091
An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle MitM attack during application update...
CVE-2025-23091
CVE-2025-23091 describes an Improper Certificate Validation issue on UniFi OS devices configured with Identity Enterprise, allowing a remote attacker to perform a man-in-the-middle during application updates. Affected component: certificate validation during update process on UniFi OS. Root cause...
"Shonen Jump+" App for Android fails to restrict custom URL schemes properly
Overview "Shonen Jump+" App for Android provided by SHUEISHA INC. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Toshiki Iwasaki of Mitsui Buss...
JVN#57285747: N-LINE vulnerable to HTML injection
N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Impact Arbitrary code may be executed on the instructor's...
"@cosme" App fails to restrict custom URL schemes properly
Overview "@cosme" App provided by istyle Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Pantuhong Sorasiri of LAC Co., Ltd. reported this...
CVE-2024-45057 Reflected Cross-Site Scripting in i-Educar
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting XSS vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The file located at...
JVN#28515217: Cleartext transmission issue in TONE store App to TONE store
TONE store App provided by DREAM TRAIN INTERNET INC. contains a cleartext transmission issue to TONE store website CWE-419. Impact A man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App. Solution Update the application Update the application to...
JVN#23528780: "Yahoo! JAPAN" App vulnerable to cross-site scripting
"Yahoo! JAPAN" App provided by LY Corporation contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the WebView of "Yahoo! JAPAN" App via other app installed on the user's device. Solution Update the application Update the application to the latest...
JVN#96154238: Android App "Spoon" uses a hard-coded API key for an external service
Android App "Spoon" provided by Spoon Radio Japan Inc. uses a hard-coded API key for an external service CWE-798. Impact The hard-coded API key may be retrieved when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service. Note that t...
GHSA-555C-2P6R-68MM .NET Denial of Service vulnerability
Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...