Lucene search
K

158 matches found

Vulnrichment
Vulnrichment
added 2024/06/25 2:13 a.m.15 views

CVE-2024-6295 udn News App - Insecure Data Storage

udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn...

3.9CVSS6.7AI score0.00212EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.4 views

WordPress plugin Defender Security 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS6.6AI score0.00679EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/01 9:13 a.m.15 views

CVE-2024-3130 Insecure Data Storage leading to sensitive Information disclosure.

Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app...

5.7CVSS6.6AI score0.00135EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 11:4 a.m.17 views

BIT-PARSE-2020-5251 Information disclosure in parse-server

In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way...

7.7CVSS6.1AI score0.00849EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.13 views

PT-2024-15544 · WordPress · Mappress Maps

Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions prior to 2.88.16 Description: The issue affects the MapPress Maps for WordPress plugin, allowing unauthenticated users to read arbitrary private and draft posts due to an Insecure Direct Object Reference...

5.3CVSS7.4AI score0.00568EPSS
Exploits2References7
Veracode
Veracode
added 2023/10/18 5:51 a.m.20 views

Insecure Data Handling

libnbd is vulnerable to Insecure Data Handling. The vulnerability is due to nbdunlockedgetsize function not sanitizing/checking data that sizes larger than INT64MAX. This could lead to potential Denial of service...

6.5CVSS6.7AI score0.00746EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2023/07/19 1:15 a.m.3 views

CVE-2023-35898

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352...

6.5CVSS5.8AI score0.0046EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/13 12:0 a.m.6 views

BD Alaris System with Guardrails Suite MX 安全漏洞

The BD Alaris System with Guardrails Suite MX is a medical device from BD Medical BD. A security vulnerability exists in the BD Alaris System with Guardrails Suite MX that stems from an insecure data transfer between the PCU and its modules. A threat participant with physical access could read or...

6.1CVSS6.2AI score0.00169EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/13 12:0 a.m.5 views

PT-2023-22789 · Pcu · Pcu

Name of the Vulnerable Software and Affected Versions: PCU affected versions not specified Description: The issue concerns the insecure data flow between the PCU and its modules. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device whil...

6.1CVSS6AI score0.00169EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/12 12:0 a.m.5 views

InHand Networks InRouter302 安全漏洞

The InHand Networks InRouter302 is an LTE cellular router from InHand Networks, Inc. A security vulnerability exists in the InHand Networks InRouter302 version prior to V3.5.56, and the InRouter615 version prior to V2.3.0.r5542, which stems from the plaintext transmission of sensitive information...

6.5CVSS6AI score0.00513EPSS
Exploits0References2
Redos
Redos
added 2022/10/13 12:0 a.m.56 views

ROS-20221013-02

The vulnerability in the Moodle course management system is related to the fact that the H5P attempted action report does not group permissions are not taken into account when displaying to non-editing teachers information about attempts/users in groups to which they should not have access. about...

9.8CVSS7.1AI score0.49102EPSS
Exploits2
Cvelist
Cvelist
added 2022/08/25 11:28 p.m.26 views

CVE-2021-32570

In Ericsson Network Manager ENM releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized by the Security...

5.2AI score0.00664EPSS
Exploits0References2
OSV
OSV
added 2022/08/19 11:15 p.m.2 views

CVE-2022-2792

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists...

7.5CVSS5.8AI score0.00365EPSS
Exploits0References1
0day.today
0day.today
added 2022/08/19 12:0 a.m.372 views

Polar Flow Android 5.7.1 Secret Disclosure Vulnerability

Insecure data storage in Polar Flow Android application Overview Advisory ID: TRSA-2110-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2110-01 Affected product: Polar Flow Android mobile application fi.polar.polarflow Affected version: 5.7.1...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.7 views

s3-uploader 操作系统命令注入漏洞

s3-uploader is flexible and efficient for image resizing, renaming and uploading to Amazon S3 disk storage. A security vulnerability in Turistforeningen node-s3-uploader 2.0.3 and earlier stems from a Node.js package insecurely passing data to the metadata function, which ultimately connects to a...

10CVSS8.5AI score0.02979EPSS
Exploits1References2
OSV
OSV
added 2022/05/19 6:15 p.m.10 views

CVE-2021-32934

The affected ThroughTek P2P products SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module do not sufficiently protect data...

7.5CVSS7.4AI score0.00578EPSS
Exploits0References1
NVD
NVD
added 2022/04/27 5:15 p.m.27 views

CVE-2021-25266

An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile Android before version 9.7.3495...

3.9CVSS0.00225EPSS
Exploits0References1
OSV
OSV
added 2022/04/27 5:15 p.m.4 views

CVE-2021-25266

An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile Android before version 9.7.3495...

3.9CVSS5.8AI score0.00225EPSS
Exploits0References1
CVE
CVE
added 2022/04/27 4:45 p.m.82 views

CVE-2021-25266

The CVE-2021-25266 entry describes an insecure data storage vulnerability in Sophos Authenticator for Android (

3.9CVSS4.2AI score0.00225EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2022/04/27 4:45 p.m.38 views

CVE-2021-25266

An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile Android before version 9.7.3495...

3.9CVSS4.4AI score0.00225EPSS
Exploits0References1
Rows per page
Query Builder