CVE-2020-14118

An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps...

Xiaomi Mi App Store 输入验证错误漏洞

A security vulnerability exists in Xiaomi Mi App Store, an app store of Xiaomi, a Chinese company. The vulnerability is due to the Xiaomi App Store not verifying the validity of incoming data, which could be exploited by an attacker to cause the app store to automatically download and install app...

CVE-2021-26625

The CVE-2021-26625 entry concerns the Nexacro platform (Tobesoft Nexacro). The root cause is an automatic update feature that does not verify input data beyond version information, enabling a remote attacker to download and execute arbitrary malicious files. Public details specify Nexacro/17.x va...

CVE-2022-26631

CVE-2022-26631 affects the Automatic Question Paper Generator v1.0. The vulnerability is a time-based blind SQL injection exploitable through the id parameter in GET requests, enabling an attacker to infer data from the database. The issue is documented across multiple sources (NVD entry and seve...

CVE-2022-28773

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically...

Design/Logic Flaw

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically...

Design/Logic Flaw

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then...

CVE-2022-28773

CVE-2022-28773 affects SAP Web Dispatcher and SAP Internet Communication Manager. The issue is caused by uncontrolled recursion, leading to denial of service with a crash that is restartable. Public details across connected documents confirm the component/file-level root cause and DoS impact; som...

SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps

As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. "SharkBot steals credentials and banking information," Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with T...

Google Android elevation of privilege vulnerability (CNVD-2022-26760)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a security vulnerability that stems from a lack of permission checking in the settings, which can be exploited by an attacker to add automatic connections to WiFi networks without the user's...

CVE-2022-27534

Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev Positive...

CVE-2022-27534

Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev Positive...

CVE-2021-27223

A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: Straghkov Denis,...

Sophos Firewall RCE vulnerability actively exploited

THREAT LEVEL: Amber For a detailed advisory, download the pdf file here A security researcher has discovered an authentication bypass vulnerability that resides in the User Portal and Webadmin areas of Sophos Firewall. Attackers are actively exploiting this vulnerability to attack enterprises in...

CVE-2022-1076

A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is...

CVE-2022-1073

A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely...

CVE-2022-1076

A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is...

Cross site scripting

A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is...

CVE-2022-1076 Automatic Question Paper Generator System My Account Page login.php cross site scripting

A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is...

CVE-2022-1076 Automatic Question Paper Generator System My Account Page login.php cross site scripting

A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is...