3644 matches found
PT-2026-25949
A vulnerability was determined in Duende IdentityServer 4. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument id token hint causes improper authentication. It is possible to initiate the attack...
CVE-2026-4251
A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutterassets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storag...
CVE-2026-4251 CityData CityChat ai.citydata.citychat credentials.json credentials storage
A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutterassets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storag...
CVE-2026-4251 CityData CityChat ai.citydata.citychat credentials.json credentials storage
A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutterassets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storag...
CVE-2026-4243
A weakness has been identified in La Nacion App 10.2.25 on Android. This impacts an unknown function of the file source/app/lanacion/clublanacion/BuildConfig.java of the component app.lanacion.activity. Executing a manipulation of the argument APIKEYWEBSOCKETCV can lead to unprotected storage of...
CVE-2026-32594
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.40 and 9.6.0-alpha.14, the GraphQL WebSocket endpoint for subscriptions does not pass requests through the Express middleware chain that enforces authentication, introspection...
CVE-2026-4218 myAEDES App aedes.me.beta EngageBayUtils.java information disclosure
A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTHKEY results in information disclosure. The attack is only possible...
CVE-2026-4218
A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTHKEY results in information disclosure. The attack is only possible...
CVE-2026-4218
CVE-2026-4218 affects the Android-based myAEDES App up to version 1.18.4. The vulnerability concerns an unknown function in the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta . By manipulating the argument AUTH_KEY , an information disclosure can occur. The attack req...
CVE-2026-4217
A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...
CVE-2026-4217 XREAL Nebula App ai.nreal.nebula.universal CloudStoragePlugin.java credentials storage
A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...
PT-2026-25614
A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...
PT-2026-25615
A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTH KEY results in information disclosure. The attack is only possibl...
PT-2026-25765
A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android. Affected is an unknown function of the file resources/assets/service-account.json of the component Google Cloud Service Account Key Handler. Performing a manipulation results in unprotected...
PT-2026-25771
A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutter assets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected stora...
CLSA-2026-1773505272 python3.11: Fix of CVE-2025-6075
CVE-2025-6075: fix quadratic complexity in os.path.expandvars...
CLSA-2026-1773480954 python3.9: Fix of CVE-2025-6075
CVE-2025-6075: fix quadratic complexity in os.path.expandvars...
GHSA-P2X3-8689-CWPG Parse Server's GraphQL WebSocket endpoint bypasses security middleware
Impact Any Parse Server deployment that uses the GraphQL API is affected. The GraphQL WebSocket endpoint for subscriptions does not pass requests through the Express middleware chain that enforces authentication, introspection control, and query complexity limits. An attacker can connect to the...
Parse Server's GraphQL WebSocket endpoint bypasses security middleware
Impact Any Parse Server deployment that uses the GraphQL API is affected. The GraphQL WebSocket endpoint for subscriptions does not pass requests through the Express middleware chain that enforces authentication, introspection control, and query complexity limits. An attacker can connect to the...
CVE-2026-32594 Parse Server GraphQL WebSocket endpoint bypasses security middleware
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.40 and 9.6.0-alpha.14, the GraphQL WebSocket endpoint for subscriptions does not pass requests through the Express middleware chain that enforces authentication, introspection...