158 matches found
EUVD-2018-12670
Malware in sbrugna...
"Your Doctor Is Spying on You": An Analysis of Data Practices in Mobile Healthcare Applications
Mobile healthcare mHealth applications promise convenient, continuous patient-provider interaction but also introduce severe and often underexamined security and privacy risks. We present an end-to-end audit of 272 Android mHealth apps from Google Play, combining permission forensics, static...
EUVD-2025-23889
Malicious code in bioql PyPI...
CVE-2025-58055 Discourse AI Suggestions Contain Insecure Direct Object Reference
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topicid...
Calix GigaCenter ONT Series 安全漏洞
The Calix GigaCenter ONT Series is a series of optical network terminals from Calix USA. A security vulnerability exists in the Calix GigaCenter ONT Series 844E version, 844G version, 844GE version, and 854GE version, which stems from the insecure storage of sensitive information and could lead t...
CVE-2025-51055
Insecure Data Storage of credentials has been found in /apivedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information...
CVE-2025-51055
Insecure Data Storage of credentials has been found in /apivedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information...
CVE-2025-51055
Insecure Data Storage of credentials has been found in /apivedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information...
CVE-2025-51055
CVE-2025-51055 refers to an information disclosure in Vedo Suite 2024.17 where credentials, keys, and database details are stored in plaintext in /api_vedo/configuration/config.yml. Multiple connected sources corroborate this: the CVE description (NVD/Red Hat/CVE lists) and the PT-2025-32219 advi...
CVE-2025-51055
Insecure Data Storage of credentials has been found in /apivedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information...
CVE-2025-41458 Insecure data storage vulnerability in Two App Studio Journey v5.5.9 for iOS
Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem...
CVE-2025-41458 Insecure data storage vulnerability in Two App Studio Journey v5.5.9 for iOS
Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem...
WeGIA 跨站脚本漏洞
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the control.php endpoint descricaoemergencia parameter, for which no detailed vulnerability details are...
CVE-2025-21003
Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information...
The vulnerability of the mp() function (/goform/mp) in the microprogramming software for Wi-Fi range extension device Belkin F9K1122 allows a intruder to execute arbitrary commands.
The vulnerability of the mp function /goform/mp in the microprogramming software for Wi-Fi range extension by Belkin F9K1122 is related to the lack of measures taken to secure data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...
CVE-2023-0967
Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user...
CVE-2022-1257
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files...
CVE-2021-25266
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile Android before version 9.7.3495...
CVE-2020-35455
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage...
CVE-2018-11544
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/sharedprefs/com.theolivetree.ftpserverpreferences.xml file as the prefUsername and prefUserpass strings...