CVE-2024-32963

Navidrome exposes a parameter tampering vulnerability in HTTP requests that allows an attacker to mutate request body parameters and impersonate other users. The flaw enables actions such as creating playlists, adding songs, posting comments, changing a playlist to public, and assigning the admin...

CVE-2020-12860

COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name...

Authentication flaw

Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner of the phone...

http-affiliate-id NSE Script

Grabs affiliate network IDs e.g. Google AdSense or Analytics, Amazon Associates, etc. from a web page. These can be used to identify pages with the same owner. If there is more than one target using an ID, the postrule of this script shows the ID along with a list of the targets using it. Support...