Lucene search
K

78 matches found

Positive Technologies
Positive Technologies
added 2025/07/17 12:0 a.m.4 views

PT-2025-29957 · Google +1 · Android +1

Name of the Vulnerable Software and Affected Versions: Motorola Smart Connect Android Application version 1.0 Description: A vulnerability exists in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application. This could allow a nearby attacke...

5.1CVSS6AI score0.00112EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/17 12:0 a.m.2 views

PT-2025-29907 · Blubird · Bluebird Barcode Scanner

Name of the Vulnerable Software and Affected Versions: Bluebird barcode scanner application versions prior to 1.3.3 Description: The barcode scanner application on Bluebird devices exposes an unsecured broadcast receiver, kr.co.bluebird.android.bbsettings.BootReceiver. A local attacker can exploi...

8.5CVSS6.5AI score0.00139EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/06/12 12:0 a.m.6 views

JVN#17860456: UpdateNavi vulnerable to improper restriction of communication channel to intended endpoints

UpdateNavi provided by Fujitsu Client Computing Limited contains the following vulnerability. Improper restriction of communication channel to intended endpoints CWE-923 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Bas...

7.1CVSS7.1AI score0.00109EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/06/11 2:48 p.m.17 views

Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability

Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their...

7.5CVSS7.6AI score0.0089EPSS
Exploits0References6Affected Software12
RedhatCVE
RedhatCVE
added 2025/05/23 11:41 a.m.15 views

CVE-2025-23091

An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle MitM attack during application update...

5.9CVSS7.1AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:9 a.m.2 views

CVE-2023-25163

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error...

6.5CVSS6.9AI score0.00843EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:16 a.m.6 views

CVE-2019-13466

Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available...

7.5CVSS7AI score0.00661EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/05 12:0 a.m.24 views

CVE-2025-27654

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting XSS V-2023-017...

0.00485EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.7 views

Microsoft PC Manager Elevation of Privilege (February 2024)

The Windows 'Microsoft PC Manager' app installed on the remote host is affected by an elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported versi...

7.8CVSS8.4AI score0.00637EPSS
Exploits0References2
NVD
NVD
added 2025/02/01 7:15 a.m.27 views

CVE-2025-23091

An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle MitM attack during application update...

5.9CVSS0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/01 6:53 a.m.5 views

CVE-2025-23091

An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle MitM attack during application update...

5.9CVSS5.8AI score0.00193EPSS
Exploits0References1
CVE
CVE
added 2025/02/01 6:53 a.m.84 views

CVE-2025-23091

CVE-2025-23091 describes an Improper Certificate Validation issue on UniFi OS devices configured with Identity Enterprise, allowing a remote attacker to perform a man-in-the-middle during application updates. Affected component: certificate validation during update process on UniFi OS. Root cause...

5.9CVSS5.8AI score0.00193EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/12/16 6:7 a.m.0 views

"Shonen Jump+" App for Android fails to restrict custom URL schemes properly

Overview "Shonen Jump+" App for Android provided by SHUEISHA INC. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Toshiki Iwasaki of Mitsui Buss...

3.3CVSS6.7AI score0.00161EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/10/18 12:0 a.m.15 views

JVN#57285747: N-LINE vulnerable to HTML injection

N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Impact Arbitrary code may be executed on the instructor's...

7.4CVSS7.1AI score0.00219EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/09/09 5:20 a.m.4 views

"@cosme" App fails to restrict custom URL schemes properly

Overview "@cosme" App provided by istyle Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Pantuhong Sorasiri of LAC Co., Ltd. reported this...

4.3CVSS6.7AI score0.00277EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/08/28 8:17 p.m.15 views

CVE-2024-45057 Reflected Cross-Site Scripting in i-Educar

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting XSS vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The file located at...

6.3CVSS6AI score0.00342EPSS
Exploits1References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/07/08 12:0 a.m.8 views

JVN#28515217: Cleartext transmission issue in TONE store App to TONE store

TONE store App provided by DREAM TRAIN INTERNET INC. contains a cleartext transmission issue to TONE store website CWE-419. Impact A man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App. Solution Update the application Update the application to...

3.7CVSS4AI score0.00257EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/29 12:0 a.m.23 views

JVN#23528780: "Yahoo! JAPAN" App vulnerable to cross-site scripting

"Yahoo! JAPAN" App provided by LY Corporation contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the WebView of "Yahoo! JAPAN" App via other app installed on the user's device. Solution Update the application Update the application to the latest...

6.1CVSS5.6AI score0.00314EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/23 12:0 a.m.32 views

JVN#96154238: Android App "Spoon" uses a hard-coded API key for an external service

Android App "Spoon" provided by Spoon Radio Japan Inc. uses a hard-coded API key for an external service CWE-798. Impact The hard-coded API key may be retrieved when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service. Note that t...

5.5CVSS5.3AI score0.00163EPSS
Exploits0
OSV
OSV
added 2023/06/14 5:8 p.m.42 views

GHSA-555C-2P6R-68MM .NET Denial of Service vulnerability

Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...

7.5CVSS7.6AI score0.02627EPSS
Exploits0References6
Rows per page
Query Builder