CVE-2025-21040

Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information...

CVE-2025-21040

Samsung S Assistant is affected by CVE-2025-21040 due to improper verification of intent in ExternalBroadcastReceiver. Versions before 9.3.2 allow local attackers to modify itinerary information. Affected software: S Assistant prior to 9.3.2. Root cause: insufficient validation of intent in the E...

CVE-2025-21039

Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information...

PT-2025-35694

Name of the Vulnerable Software and Affected Versions: S Assistant versions prior to 9.3.2 Description: Improper verification of intent by ExternalBroadcastReceiver in S Assistant allows local attackers to modify itinerary information. Recommendations: Update S Assistant to version 9.3.2 or later...

itineraries.mandarinjourneys.com XSS vulnerability

Open Bug Bounty ID: OBB-585619 Description| Value ---|--- Affected Website:| itineraries.mandarinjourneys.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6....

Harvest: Login bypass on travel.██████████ aka "Harvest Spring Summit 2017"

Introduction I stumbled upon http://travel.████. It looks like the portal for Harvest Spring Summit 2017 travel planning and announcement. I was able to gain access to this portal and view the travel itineraries of some of the summit's participants. A note on scope I realize this domain is not...