380 matches found
ZimaOS <= v1.2.4 - Sensitive Information Disclosure
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...
CVE-2026-27648
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...
CVE-2026-24792
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...
CVE-2026-27648
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...
EUVD-2026-30829
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...
CVE-2026-27648
OpenHarmony WebWebView component on OpenHarmony v6.0 and earlier is affected by an out-of-bounds write vulnerability that enables remote code execution in pre-installed apps. Affected: web_webview in OpenHarmony before/including v6.0. Root cause: out-of-bounds write (details not enumerated beyond...
CVE-2026-24792 web_webview has a Race Condition vulnerability
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...
CVE-2026-24792
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...
EUVD-2026-30826
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...
PT-2026-41814
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...
OpenHarmony 安全漏洞
OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained security vulnerabilities, allowing attackers to execute arbitrary code in pre-installed applications...
macOS 15.x < 15.7.7 Multiple Vulnerabilities (127116)
The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.7.7. It is, therefore, affected by multiple vulnerabilities: - A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sonoma...
CVE-2026-34082
CVE-2026-34082 affects the open-source platform Dify . A flaw in the authorization of the endpoint DELETE /console/api/installed-apps//conversations/ (prior to 1.13.1) allows any authenticated user to delete another user’s chat history, an IDOR-type vulnerability. This could enable unauthorized a...
dify 安全漏洞
Dify is an open-source LLM application development platform developed by LangGenius. Versions of Dify prior to 1.13.1 contained a security vulnerability. This vulnerability stemmed from insufficient authorization checks in the DELETE /console/api/installed-apps//conversations/ method, which could...
CVE-2026-28878
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.7, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps...
CVE-2026-28882
This issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps...
CVE-2026-28833
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps...
CVE-2026-28880
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps...
CVE-2025-25277
in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios...
CVE-2025-52458
in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios...