Malicious code in lounge-theme-amoled (npm)

The package lounge-theme-amoled was found to contain malicious code...

MAL-2025-25612 Malicious code in lounge-theme-amoled (npm)

The package lounge-theme-amoled was found to contain malicious code...

CVE-2021-43171

Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response...

frankfurtfashionlounge.de Cross Site Scripting vulnerability OBB-3916622

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

lounge-about.com Improper Access Control vulnerability OBB-3804049

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

hair-lounge-with.com Improper Access Control vulnerability OBB-3800861

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2023-47372

The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims...

CVE-2023-47372

The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims...

Code injection

The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims...

CVE-2023-47372

CVE-2023-47372 involves leakage of a channel access token in UPDATESALON C-LOUNGE for Line version 13.6.1, enabling remote attackers to send malicious notifications to victims. Connected sources corroborate token leakage and unrelated security notes, but do not provide a concrete exploit path, af...

CVE-2023-47372

The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims...

hr-lounge.at Cross Site Scripting vulnerability OBB-3748177

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-43171

Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response...

Input validation

Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response...

CVE-2021-43171

Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response...

App Lounge 数据伪造问题漏洞

App Lounge is the second iteration of the app store embedded in /e/OS from the /e/ team. It allows everyone to access millions of apps directly from their phone's home screen. A security vulnerability exists in versions prior to App Lounge 0.19q that stems from not properly verifying an...

CVE-2021-43171

Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response...

cartoonlounge.de Cross Site Scripting vulnerability OBB-3422619

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

hr-lounge.at Cross Site Scripting vulnerability OBB-3352722

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

energielounge.at Improper Access Control vulnerability OBB-2228855

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...