CVE-2026-29055 Tandoor Recipes: WebP and GIF Image Uploads Bypass EXIF/Metadata Stripping, Leaking GPS Coordinates and PII

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image processing pipeline in Tandoor Recipes explicitly skips EXIF metadata stripping, image rescaling, and size validation for WebP and GIF image formats. A...

CVE-2021-0518

In Wi-Fi, there is a possible leak of location-sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-176541...

PT-2025-50774

Name of the Vulnerable Software and Affected Versions SpaceX Starlink Dish versions 2024.12.04.mr46620 Description SpaceX Starlink Dish devices allow administrative actions via unauthenticated LAN gRPC requests, referred to as MARMALADE 2. The cross-origin policy can be bypassed by omitting a...

PT-2025-3040 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.7.2 macOS versions prior to 15.2 Description: The issue is related to insufficient protection of service data in the Find My component of MacOs, which may allow an attacker to disclose protected information. An app...

Apple iOS and iPadOS Security Vulnerabilities

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17.4 and iPadOS version 17.4, which originates from an application th...

Hardcoded credentials

The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connect...

CVE-2022-20240

In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:...

UBUNTU-CVE-2022-20240

In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:...

PT-2022-7242 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: iCloud Photo Library versions prior to iOS 16.2 iCloud Photo Library versions prior to iPadOS 16.2 iCloud Photo Library versions prior to macOS Ventura 13.1 Description: The issue is related to a logic problem that has been addressed with...