Lucene search
K

335 matches found

OSV
OSV
added 2024/02/16 8:15 p.m.4 views

CVE-2024-0020

In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is...

5.5CVSS5.9AI score0.00107EPSS
Exploits0References2
Prion
Prion
added 2024/01/23 1:15 a.m.16 views

Code injection

This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences...

1.9CVSS6AI score0.00245EPSS
Exploits0References10Affected Software5
Prion
Prion
added 2024/01/11 8:15 p.m.25 views

Information disclosure

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The Home Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. While the UI doesn't...

6.5CVSS8.6AI score0.04088EPSS
Exploits2References7Affected Software1
OSV
OSV
added 2023/11/07 9:15 p.m.4 views

CVE-2023-46785

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partnerpreference.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS5.8AI score0.00831EPSS
Exploits1References2
Prion
Prion
added 2023/11/07 9:15 p.m.18 views

Sql injection

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partnerpreference.php resource does not validate the characters received and they are sent unfiltered to the database...

7.5CVSS8.6AI score0.00831EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/07 12:0 a.m.7 views

PT-2023-30214 · Unknown · Online Matrimonial Project

Name of the Vulnerable Software and Affected Versions: Online Matrimonial Project version 1.0 Description: The issue concerns Unauthenticated SQL Injection vulnerabilities. Specifically, the id parameter of the "partner preference.php" resource does not validate the characters received and they a...

9.8CVSS9.9AI score0.00831EPSS
Exploits1References3
OSV
OSV
added 2023/10/30 6:15 p.m.6 views

CVE-2023-21390

In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.001EPSS
Exploits0References1
NVD
NVD
added 2023/10/30 6:15 p.m.19 views

CVE-2023-21390

In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.001EPSS
Exploits0References1
Prion
Prion
added 2023/10/30 6:15 p.m.23 views

Design/Logic Flaw

In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

4.3CVSS8.2AI score0.001EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/30 5:1 p.m.16 views

CVE-2023-21390

In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.1AI score0.001EPSS
Exploits0References1
CVE
CVE
added 2023/10/30 5:1 p.m.76 views

CVE-2023-21390

CVE-2023-21390 is described across multiple sources as a permission bypass in the Android environment related to a component labeled as Sim, allowing evasion of mobile-preference restrictions and enabling local privilege escalation without requiring extra execution privileges. Exploitation is rep...

7.8CVSS7.8AI score0.001EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/09/27 3:19 p.m.27 views

CVE-2023-5173

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic possibly under influence of a local unprivileged webpage, leading to an out-of-bounds write to privileged process memory. This bug only affects Firefox if a non-standard preference allowin...

7.5CVSS7.8AI score0.00733EPSS
Exploits0References3
OSV
OSV
added 2023/08/23 7:33 p.m.33 views

CVE-2023-40176 SXSS in the user profile via the timezone displayer

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop...

9CVSS5.1AI score0.78879EPSS
Exploits0References5
OSV
OSV
added 2023/08/21 7:59 p.m.40 views

GHSA-H8CM-3V5F-RGP6 XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer

Impact Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop down no free text value it can still be set from JavaScript using the browser developer tools or b...

5.4CVSS7.1AI score0.78879EPSS
Exploits0References5
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.7 views

WordPress ActiveCampaign Email Preference Center Plugin < 2.0.12 is vulnerable to Cross Site Scripting (XSS)

Software ActiveCampaign Email Preference Center Type Plugin Vulnerable versions 2.0.12 Fixed in 2.0.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0ae883cf0c33 Credits Rafie...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.8 views

WordPress Universal email preference center Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Universal email preference center Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bbcdce37fcfa Credits Rafie Muhammad...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/06/09 8:15 p.m.3 views

CVE-2023-29758

An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files...

5.5CVSS6.1AI score0.00327EPSS
Exploits1References2
OSV
OSV
added 2023/06/09 8:15 p.m.3 views

CVE-2023-29758

An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files...

5.5CVSS6AI score0.00327EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/06/09 12:0 a.m.7 views

PT-2023-22405 · Unknown · Blue Light Filter

Name of the Vulnerable Software and Affected Versions: Blue Light Filter version 1.5.5 Description: The issue allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. This can lead to a denial of service. Recommendations: For Blue Light Filter...

5.5CVSS7.2AI score0.00327EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.7 views

Facemoji Emoji Keyboard 安全漏洞

Facemoji Emoji Keyboard is a free AI smart chatgbt Cool custom keyboard font from Facemoji. A security vulnerability exists in Facemoji Emoji Keyboard version v.2.9.1.2 that originates from a denial of service via a SharedPreference file...

5.5CVSS5.7AI score0.0019EPSS
Exploits1References2
Rows per page
Query Builder