35 matches found
EUVD-2025-30714
Malicious code in bioql PyPI...
CVE-2025-55887
Cross-Site Scripting XSS vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that ...
CVE-2025-55888
Cross-Site Scripting XSS vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution i...
CVE-2025-55887
Cross-Site Scripting XSS vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that ...
CVE-2025-55888
Cross-Site Scripting XSS vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution i...
CVE-2025-55887
Cross-Site Scripting XSS vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that ...
CVE-2025-55885
CVE-2025-55885 is a SQL injection in Alpes Recherche et Developpement ARD GEC en Lign prior to 2025-04-23 that lets a remote attacker escalate privileges by manipulating GET parameters in index.php. Root cause: improper handling of GET inputs in the web app. Impact: privilege escalation with Low ...
PT-2025-38756
Name of the Vulnerable Software and Affected Versions Alpes Recherche et Developpement ARD GEC en Lign versions prior to 2025-04-23 Description A SQL Injection issue exists in Alpes Recherche et Developpement ARD GEC en Lign. A remote attacker can potentially escalate privileges by manipulating t...
CVE-2025-55887
Cross-Site Scripting XSS vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that ...
ARD GEC en Ligne security vulnerability
ARD GEC en Ligne is an online service portal of ARD France. A security vulnerability exists in ARD GEC en Ligne that stems from an insecure direct object reference to the feuid parameter in the payment history API endpoint, which could lead to unauthorized access to another user's payment history...
CVE-2025-55887
CVE-2025-55887 describes a Cross-Site Scripting (XSS) vulnerability in the ARD meal reservation service. The issue is located in the transactionID GET parameter on the transaction confirmation page and is caused by improper input validation and output encoding. Exploitation could allow an attacke...
CVE-2025-55885
SQL Injection vulnerability in Alpes Recherche et Developpement ARD GEC en Lign before v.2025-04-23 allows a remote attacker to escalate privileges via the GET parameters in index.php...
ARD GEC en Lign security vulnerability
ARD GEC en Ligne is an online service portal of ARD France. A security vulnerability exists in versions of ARD GEC en Lign prior to 2025-04-23, which stems from improper handling of the GET parameter in index.php, which could lead to SQL injection attacks and elevation of privilege...
CVE-2025-55885
SQL Injection vulnerability in Alpes Recherche et Developpement ARD GEC en Lign before v.2025-04-23 allows a remote attacker to escalate privileges via the GET parameters in index.php...
ARD GEC en Ligne security vulnerability
ARD GEC en Ligne is an online service portal of ARD France. A security vulnerability exists in ARD GEC en Ligne that stems from an Ajax transaction manager endpoint that does not properly clean or encode the accountName field, which could lead to a cross-site scripting attack...
CVE-2025-55888
Cross-Site Scripting XSS vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution i...
ard-werbung.de Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1153640. Security Researcher Hchabik (helped patch 2424 vulnerabilities, received 5 Coordinated Disclosure badges, received 2 recommendations), a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting ard-werbung.de website and...
Hackers Leak Personal Data from Hundreds of German Politicians On Twitter
Germany has been hit with the biggest hack in its history. A group of unknown hackers has leaked highly-sensitive personal data from more than 100 German politicians, including German Chancellor Angela Merkel, Brandenburg's prime minister Dietmar Woidke, along with some German artists, journalist...
ARD Text (Teletext) - External URLs, WebView JavaScript enabled, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application ARD Text Teletext published at the 'play' market has multiple vulnerabilities...
ARD - BSD license, Customized SSL, MIT license vulnerabilities
HackApp vulnerability scanner discovered that application ARD published at the 'play' market has multiple vulnerabilities...