42 matches found
Netsoft Holdings Hubstaff code issue vulnerability
Netsoft Holdings Hubstaff is a project management platform from US-based Netsoft Holdings. A code issue vulnerability exists in Netsoft Holdings Hubstaff version 1.6.14, which stems from DLL search order hijacking and could lead to obtaining a reverse shell...
EUVD-2024-53467
Malicious code in bioql PyPI...
Sendit tricked kids, harvested their data, and faked messages, FTC claims
The Federal Trade Commission (FTC) has sued Sendit’s parent company, saying it signed up children under 13, collected their personal data, and misled them with fake messages and recurring bills. The lawsuit, filed against the app's owner Iconic Hearts Holdings Inc and CEO Hunter Rice, alleges the...
CVE-2024-56960
An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link...
North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. "Targets are typically asked to communicate with an interviewer through a link that throws a...
PT-2025-3362 · Apple · iOS
Name of the Vulnerable Software and Affected Versions: Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS version 1.3.50 Description: The issue allows attackers to access sensitive user information via supplying a crafted link. Recommendations: For Tianjin Xiaowu Information...
Xiaowu Information BeiKe Holdings security vulnerability
Xiaowu Information BeiKe Holdings Shell is a rent and buy software from China-based Xiaowu Information. A security vulnerability exists in Xiaowu Information BeiKe Holdings version 1.3.50, which originates from an attacker being able to obtain sensitive user information by providing a carefully...
Transsion Holdings Infinix Mobile devices security vulnerability
Transsion Holdings Infinix Mobile devices are a range of mobile devices from Transsion Holdings, a Chinese company. A security vulnerability exists in the Transsion Holdings Infinix Mobile devices, which stems from the pre-installed com.rlk.weathers application exposing an unprotected content...
Transsion Holdings Infinix Mobile devices security vulnerability
Transsion Holdings Infinix Mobile devices are a family of mobile devices from Transsion Holdings, a Chinese company. A security vulnerability exists in the Transsion Holdings Infinix Mobile devices, which originates from the inclusion of a preloaded com.transsion.agingfunction application that...
Hardcoded credentials
Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allow unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types...
CVE-2023-4832 SQLi in Aceka Holdings Company Management
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aceka Company Management allows SQL Injection. This issue affects Company Management: before 3072...
Skylark Holdings Skylark App security vulnerability
Skylark Holdings Skylark App is a mobile application from Skylark Holdings, a Japanese company. A security vulnerability exists in Skylark Holdings Skylark App version 6.2.13 and earlier, which stems from not properly restricting the custom URL scheme, allowing an attacker to direct the program t...
Skylark Holdings Skylark App security vulnerability
Skylark Holdings Skylark App is a mobile application from Skylark Holdings, a Japanese company. A security vulnerability exists in the Skylark Holdings Skylark App that stems from a custom URL access feature that is not properly restricted...
Fork DAO quit does not filter token duplicates and allows for stealing of the whole ERC20 holdings of its treasury
Lines of code. Vulnerability details: quit doesn't check erc20TokensToInclude argument for repetitions, i.e. token address duplications, only checking the existence of a token in erc20TokensToIncludeInQuit. Each time a token repeats the corresponding share of treasury holdings will be transferred to...
JVN#81563390: "Hulu / フールー" App for iOS vulnerable to improper server certificate verification
"Hulu / フールー" App for iOS provided by HJ Holdings, Inc. is vulnerable to improper server certificate verification (CWE-295). Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution: Update the application. Update the application to the latest versi...
UniswapHelper.buyFlanAndBurn is subject to sandwich attacks
Handle: hyh. Vulnerability details. Impact: Trades can happen at a manipulated price and end up receiving fewer Flan to be bought than current market price dictates. For example, at the time a user decides to call buyFlanAndBurn Flan trades at 0.8 in the input token terms at the corresponding DEX poo...
Users Can DOS Vesting Distributions
Handle: leastwood. Vulnerability details. Impact: The Vesting.vest function is called by airdrop/investor distributions to lock 70% of their token allocations for a period of one year. Vestings are defined on a linear schedule and can be claimed as often as the user likes. However, the claimableAmoun...