CVE-2026-8879 CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

CVE-2025-65820

An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...

EUVD-2025-202626

An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...

CVE-2025-65820

An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...

CVE-2025-65820

An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...

PT-2025-50495

Name of the Vulnerable Software and Affected Versions Meatmeet Android Mobile Application version 1.1.2.0 Description An exported activity within the application can be initiated, revealing a hidden page. This page displays devices, including two that have not been publicly released. An attacker...

Meatmeet Pro App 安全漏洞

Meatmeet Pro App is a meat product purchasing application from Meatmeet, Inc. A security vulnerability exists in Meatmeet Pro App version 1.1.2.0, which stems from an export activity that could result in accessing a hidden page, potentially revealing unpublished device information...

CVE-2025-65820

An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...

CVE-2025-65820

An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your...

CVE-2025-65820

Meatmeet Android Mobile Application 1.1.2.0 is affected by CVE-2025-65820. An exported activity can spawn a hidden page listing devices, including unreleased ones, enabling attackers to gain insight into unreleased Meatmeet devices. The CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H...

EUVD-2021-34740

Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite...

IBM Cognos Analytics Certified Containers 安全漏洞

IBM Cognos Analytics Certified Containers is a suite of business intelligence software from International Business Machines IBM. A security vulnerability exists in IBM Cognos Analytics Certified Containers version 12.1.0 that stems from the presence of a hidden page that could lead to the...

firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack...

Grocy 安全漏洞

Grocy is a web-based self-hosted grocery and home management solution from Grocy Open Source. A security vulnerability exists in Grocy version 4.3.0 and earlier, which stems from an attacker being able to obtain sensitive information by directly requesting a page that is not displayed in the user...

CVE-2024-33626

The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive information, such as the WiFi WPS PIN, through a hidden page accessible by an HTTP request. Disclosure of this information could enable attackers to connect to the...

LevelOne WBR-6012 信息泄露漏洞

The LevelOne WBR-6012 is a wireless router from LevelOne. An information disclosure vulnerability exists in the LevelOne WBR-6012, which originates from a hidden page accessed via an HTTP request that can disclose sensitive information without authentication...

PT-2024-25385 · Levelone · Levelone Wbr-6012

Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6012 router affected versions not specified Description: The issue concerns a vulnerability within the web application of the router, allowing unauthenticated disclosure of sensitive information. This includes the WiFi WPS PIN,...

CHANGING Mobile One Time Password Code Issue Vulnerability

CHANGING Mobile One Time Password is a password management application from the Chinese company CHANGING Mobile. It is used to set one-time passwords for authentication or transactions. A code issue vulnerability exists in CHANGING Mobile One Time Password, which stems from the upload function on...

PT-2024-23870 · Unknown · Changing Mobile One Time Password

Name of the Vulnerable Software and Affected Versions: CHANGING Mobile One Time Password affected versions not specified Description: The issue concerns a lack of proper file type filtering in the uploading function of a hidden page within CHANGING Mobile One Time Password. This allows remote...

CVE-2024-27202

A DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...