EUVD-2019-2063

Malware in sbrugna...

EUVD-2020-1570

Malware in sbrugna...

EUVD-2019-2064

Malware in sbrugna...

MAL-2025-41846 Malicious code in @espace-client-axafr/confirmation-screen (npm)

The package communicates with a domain associated with malicious activity...

CVE-2023-21225

there is a possible way to bypass the protected confirmation screen due to Failure to lock display power. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID...

CVE-2019-1020017

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP...

CVE-2019-1020018

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link...

CVE-2023-21225

there is a possible way to bypass the protected confirmation screen due to Failure to lock display power. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID...

PT-2023-18011 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a failure to lock display power, which could allow bypassing the protected confirmation screen. This may lead to local escalation of privilege without requiring...

PUB-A-270403821

there is a possible way to bypass the protected confirmation screen due to Failure to lock display power. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

Discourse < 2.4.0.beta3 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities including CSRF flaws. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Code injection

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link...

CVE-2019-1020017

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP...

CVE-2019-1020017

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP...

Code injection

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP...

CVE-2019-1020017

CVE-2019-1020017 affects Discourse prior to 2.3.0 and 2.4.x prior to 2.4.0.beta3, where logging in via a user-api OTP lacks a confirmation screen. The vulnerability originates from improper flow gating during OTP-based login, enabling potential unintended access without explicit user confirmation...

CVE-2019-1020017

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP...

[20180504] - Core - Installer leaks plain text password to local user

The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and displays the plain text password for the administrator account at the confirmation screen...