Microsoft Windows UPnP 资源管理错误漏洞

Microsoft Windows UPnP is a device agent from Microsoft Corporation USA. Providing a proxy allows Windows network connections to recognize the IP address of ZoneDirector. A resource management error vulnerability exists in Microsoft Windows UPnP. An attacker could exploit this vulnerability to...

CVE-2024-5743

An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42...

CVE-2024-5743 Command Injection Vulnerability

An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42...

CVE-2024-5743 Command Injection Vulnerability

An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42...

CVE-2024-5743

CVE-2024-5743 affects Eve Play (EveHome) up to version 1.1.42. Root cause: use of a password hash with insufficient computational effort, enabling an attacker to execute arbitrary code. Impact is high across confidentiality, integrity, and availability per the CVE metrics. Remediation: upgrade to...

EveHome Eve Play 安全漏洞

EveHome Eve Play is an audio streaming interface from EveHome, Inc. A security vulnerability exists in EveHome Eve Play version 1.1.42 and earlier, which stems from the presence of a cryptographic hash vulnerability using insufficient computational effort that can be exploited by an attacker to...

PT-2025-3438 · Evehome · Eve Play

Name of the Vulnerable Software and Affected Versions: Eve Play versions through 1.1.42 Description: An attacker could exploit the issue of using a password hash with insufficient computational effort in EveHome Eve Play to execute arbitrary code. Recommendations: For versions through 1.1.42,...

PT-2025-2032 · WordPress · Unlimited Elements For Elementor

Name of the Vulnerable Software and Affected Versions: Unlimited Elements For Elementor plugin for WordPress versions up to, and including, 1.5.135 Description: The issue is related to Stored Cross-Site Scripting via multiple widgets due to insufficient input sanitization and output escaping on...

Android Security Bulletin-January 2025Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2025-01-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

PT-2025-36328

Name of the Vulnerable Software and Affected Versions podman versions 4.0.0 through 5.6.1 Description A vulnerability exists in podman where an attacker can use the kube play command to overwrite host files. This occurs when the kube file contains a Secret or a ConfigMap volume mount, and that...

PT-2025-52660

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Comedi low-level driver "c6xdigio" has a flaw related to parallel port Plug and Play PNP resource management. The driver incorrectly handles PNP driver registration and unregistratio...

PT-2024-10862 · Huawei · Huawei Products

Name of the Vulnerable Software and Affected Versions: Huawei products affected versions not specified Description: A buffer error vulnerability exists in some Huawei products, allowing an unauthenticated attacker to send a special UPNP message to the affected products. Due to insufficient input...

15 SpyLoan Apps Found on Play Store Targeting Millions

SUMMARY Cybercriminals are exploiting SpyLoan, or predatory loan apps, to target unsuspecting users globally. McAfee cybersecurity researchers report…...

8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play

Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs. "These PUP potentially unwanted programs applications use social engineering tactics to...

Android Security Bulletin December 2024Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2024-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

CVE-2024-11192

The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress plugin Spotify Play Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-16809 · WordPress · Spotify Play Button

Name of the Vulnerable Software and Affected Versions: Spotify Play Button for WordPress plugin versions up to and including 2.11 Description: The issue concerns Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...

WordPress Sp*tify Play Button for WordPress plugin <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Sptify Play Button for WordPress versions = 2.11...

Gmail's New Shielded Email Feature Lets Users Create Aliases for Email Privacy

Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services...