
10 matches found

EUVD
added 2025/12/10 9:31 p.m. | 3 views

EUVD-2025-202612

The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. ...

5.8 AI score | 0.00122 EPSS
Exploits: 0 | References: 3

Packet Storm News
added 2025/10/07 12:0 a.m. | 5 views

"Your Doctor Is Spying on You": An Analysis of Data Practices in Mobile Healthcare Applications

Mobile healthcare (mHealth) applications promise convenient, continuous patient-provider interaction but also introduce severe and often underexamined security and privacy risks. We present an end-to-end audit of 272 Android mHealth apps from Google Play, combining permission forensics, static...

6.8 AI score
Exploits: 0

CNNVD
added 2025/07/16 12:0 a.m. | 3 views

WeGIA Cross-Site Scripting Vulnerability

WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the control.php endpoint descricaoemergencia parameter, for which no detailed vulnerability details are...

6.4 CVSS | 6.2 AI score | 0.0025 EPSS
Exploits: 1 | References: 1

BDU FSTEC
added 2025/07/07 12:0 a.m. | 4 views

A vulnerability in the mp() function (/goform/mp) in the firmware of the Belkin F9K1122 Wi-Fi range extender allows an intruder to execute arbitrary commands.

The vulnerability in the mp() function (/goform/mp) in the firmware of the Belkin F9K1122 Wi-Fi range extender is related to the lack of measures taken to secure data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...

6.5 CVSS | 6.9 AI score | 0.38138 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

BDU FSTEC
added 2024/09/24 12:0 a.m. | 3 views

A vulnerability in the upgrade_filter_asp function in the upgrade_filter.asp file of the D-Link DI-8400 router's firmware allows a hacker to execute arbitrary commands.

The vulnerability in the upgrade_filter_asp function in the upgrade_filter.asp file of the D-Link DI-8400 router's firmware is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...

8 CVSS | 5.9 AI score | 0.14065 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2023/10/18 5:51 a.m. | 17 views

Insecure Data Handling

libnbd is vulnerable to Insecure Data Handling. The vulnerability is due to the nbd_unlocked_get_size function not sanitizing/checking for sizes larger than INT64_MAX. This could lead to a potential denial of service...

6.5 CVSS | 6.7 AI score | 0.00746 EPSS
Exploits: 1 | References: 5 | Affected Software: 2

CNNVD
added 2022/06/02 12:0 a.m. | 5 views

s3-uploader OS Command Injection Vulnerability

s3-uploader is a flexible and efficient tool for image resizing, renaming and uploading to Amazon S3 disk storage. A security vulnerability in Turistforeningen node-s3-uploader 2.0.3 and earlier stems from a Node.js package insecurely passing data to the metadata function, which ultimately connects to a...

10 CVSS | 8.5 AI score | 0.0291 EPSS
Exploits: 1 | References: 2

Positive Technologies
added 2022/03/21 12:0 a.m. | 3 views

PT-2022-7021 · Qnap · Qvr Pro Client

Name of the Vulnerable Software and Affected Versions: QVR Pro Client versions prior to 2.3.0.0420 Description: The issue is related to insufficient protection of registration data in QVR Pro Client, which may allow an attacker to gain unauthorized access to protected information. An insertion of...

6.7 CVSS | 4.5 AI score | 0.00169 EPSS
Exploits: 0 | References: 7

NVD
added 2004/09/16 4:0 a.m. | 19 views

CVE-2004-0871

Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."...

5 CVSS | 6.6 AI score | 0.01139 EPSS
Exploits: 0 | References: 4

Exploit DB
added 2002/07/31 12:0 a.m. | 15 views

Trillian 0.x IRC Module - Remote Buffer Overflow

source: https://www.securityfocus.com/bid/5373/info A buffer overflow condition has been reported in the Trillian IRC module. The condition is due to insecure handling of data extracted from server responses. An attacker in control of a malicious server may exploit vulnerable clients who have...

7.4 AI score
Exploits: 0