Lucene search
K

63 matches found

NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-54318

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play Services...

7.1CVSS0.00113EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/23 5:40 p.m.38 views

CVE-2026-54318 Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play Services...

7.1CVSS0.00113EPSS
Exploits1References2
CVE
CVE
added 2026/06/23 5:40 p.m.35 views

CVE-2026-54318

Affected software: Home Assistant Android components. Vulnerability: LocationSensorManager BroadcastReceiver was exported with no permission prior to 2026.5.3, allowing any local app (zero runtime permissions) to broadcast a forged Google Play Services LocationResult to spoof the device’s locatio...

7.1CVSS5.9AI score0.00113EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-51577

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2026.5.3 Description The LocationSensorManager BroadcastReceiver is exported without requiring permissions. This allows any installed application on the device, regardless of its runtime permissions, to send a...

7.1CVSS5.8AI score0.00113EPSS
Exploits1References6
EUVD
EUVD
added 2026/05/20 12:31 a.m.12 views

EUVD-2026-30989

Modification of Assumed-Immutable Data MAID vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing. This issue affects Translate Drupal with GTranslate: from 0.0.0 before 3.0.5...

5.8AI score0.00236EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 10:29 p.m.10 views

CVE-2026-8492

Modification of Assumed-Immutable Data MAID vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing. This issue affects Translate Drupal with GTranslate: from 0.0.0 before 3.0.5...

5.8AI score0.00236EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 10:29 p.m.9 views

CVE-2026-8492 Translate Drupal with GTranslate - Less critical - DOM clobbering / link manipulation - SA-CONTRIB-2026-035

Modification of Assumed-Immutable Data MAID vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing. This issue affects Translate Drupal with GTranslate: from 0.0.0 before 3.0.5...

5.8AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 10:29 p.m.38 views

CVE-2026-8492 Translate Drupal with GTranslate - Less critical - DOM clobbering / link manipulation - SA-CONTRIB-2026-035

Modification of Assumed-Immutable Data MAID vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing. This issue affects Translate Drupal with GTranslate: from 0.0.0 before 3.0.5...

0.00236EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:17 p.m.4 views

CVE-2026-27693

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...

5.4CVSS5.8AI score0.00183EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/07 9:32 p.m.4 views

EUVD-2025-209278

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location...

5.9AI score0.00465EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/07 12:0 a.m.2 views

CVE-2025-69515

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location...

5.9AI score0.00465EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-51456

Malicious code in bioql PyPI...

9.1CVSS6.6AI score0.0036EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-22744

Malicious code in bioql PyPI...

8.2CVSS6.7AI score0.00288EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-35018

Malicious code in bioql PyPI...

6.7CVSS5.8AI score0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-22742

Malicious code in bioql PyPI...

5.3CVSS6.7AI score0.00319EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-22743

Malicious code in bioql PyPI...

5.3CVSS6.7AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/27 7:28 p.m.5 views

CVE-2025-52453

Server-Side Request Forgery SSRF vulnerability in Salesforce Tableau Server on Windows, Linux Flow Data Source modules allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19...

8.2CVSS7.3AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/27 7:28 p.m.5 views

CVE-2025-52454

Server-Side Request Forgery SSRF vulnerability in Salesforce Tableau Server on Windows, Linux Amazon S3 Connector modules allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19...

5.3CVSS7.3AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/27 7:28 p.m.9 views

CVE-2025-52455

Server-Side Request Forgery SSRF vulnerability in Salesforce Tableau Server on Windows, Linux EPS Server modules allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19...

5.3CVSS7.3AI score0.00319EPSS
Exploits0References1
OSV
OSV
added 2025/07/25 7:15 p.m.4 views

CVE-2025-52453

Server-Side Request Forgery SSRF vulnerability in Salesforce Tableau Server on Windows, Linux Flow Data Source modules allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19...

8.2CVSS5.8AI score0.00288EPSS
Exploits0References1
Rows per page
Query Builder