Lucene search
K

158 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-12670

Malware in sbrugna...

9.8CVSS9.5AI score0.0071EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/10/07 12:0 a.m.8 views

"Your Doctor Is Spying on You": An Analysis of Data Practices in Mobile Healthcare Applications

Mobile healthcare mHealth applications promise convenient, continuous patient-provider interaction but also introduce severe and often underexamined security and privacy risks. We present an end-to-end audit of 272 Android mHealth apps from Google Play, combining permission forensics, static...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-23889

Malicious code in bioql PyPI...

8.6CVSS6.4AI score0.00294EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/10/01 6:48 p.m.34 views

CVE-2025-58055 Discourse AI Suggestions Contain Insecure Direct Object Reference

Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topicid...

4.3CVSS0.00237EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.3 views

Calix GigaCenter ONT Series 安全漏洞

The Calix GigaCenter ONT Series is a series of optical network terminals from Calix USA. A security vulnerability exists in the Calix GigaCenter ONT Series 844E version, 844G version, 844GE version, and 854GE version, which stems from the insecure storage of sensitive information and could lead t...

5.1CVSS6.4AI score0.00191EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/08 12:29 a.m.14 views

CVE-2025-51055

Insecure Data Storage of credentials has been found in /apivedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information...

8.6CVSS6.4AI score0.00294EPSS
Exploits2References1
NVD
NVD
added 2025/08/06 9:15 p.m.8 views

CVE-2025-51055

Insecure Data Storage of credentials has been found in /apivedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information...

8.6CVSS0.00294EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/08/06 12:0 a.m.8 views

CVE-2025-51055

Insecure Data Storage of credentials has been found in /apivedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information...

0.00294EPSS
Exploits2References1
CVE
CVE
added 2025/08/06 12:0 a.m.29 views

CVE-2025-51055

CVE-2025-51055 refers to an information disclosure in Vedo Suite 2024.17 where credentials, keys, and database details are stored in plaintext in /api_vedo/configuration/config.yml. Multiple connected sources corroborate this: the CVE description (NVD/Red Hat/CVE lists) and the PT-2025-32219 advi...

8.6CVSS6.6AI score0.00294EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/06 12:0 a.m.4 views

CVE-2025-51055

Insecure Data Storage of credentials has been found in /apivedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information...

6.5AI score0.00294EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/07/21 11:1 a.m.2 views

CVE-2025-41458 Insecure data storage vulnerability in Two App Studio Journey v5.5.9 for iOS

Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem...

5.5CVSS6AI score0.00089EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/21 11:1 a.m.8 views

CVE-2025-41458 Insecure data storage vulnerability in Two App Studio Journey v5.5.9 for iOS

Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem...

5.5CVSS0.00089EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.4 views

WeGIA 跨站脚本漏洞

WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the control.php endpoint descricaoemergencia parameter, for which no detailed vulnerability details are...

6.4CVSS6.2AI score0.0025EPSS
Exploits1References1
OSV
OSV
added 2025/07/08 11:15 a.m.3 views

CVE-2025-21003

Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information...

5.5CVSS5.8AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/07/07 12:0 a.m.5 views

The vulnerability of the mp() function (/goform/mp) in the microprogramming software for Wi-Fi range extension device Belkin F9K1122 allows a intruder to execute arbitrary commands.

The vulnerability of the mp function /goform/mp in the microprogramming software for Wi-Fi range extension by Belkin F9K1122 is related to the lack of measures taken to secure data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...

6.5CVSS6.9AI score0.38138EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 2:57 a.m.2 views

CVE-2023-0967

Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user...

6.5CVSS6.6AI score0.00669EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:30 p.m.2 views

CVE-2022-1257

Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files...

6.1CVSS6.4AI score0.00622EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:25 p.m.9 views

CVE-2021-25266

An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile Android before version 9.7.3495...

3.9CVSS6.7AI score0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:37 p.m.6 views

CVE-2020-35455

The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage...

7.8CVSS6.9AI score0.00235EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 2:44 a.m.6 views

CVE-2018-11544

The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/sharedprefs/com.theolivetree.ftpserverpreferences.xml file as the prefUsername and prefUserpass strings...

9.8CVSS6.9AI score0.01527EPSS
Exploits1References1
Rows per page
Query Builder