CVE-2024-39767

Mattermost Mobile Apps versions =2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that...

CVE-2024-50811

hopetree izone lts c011b48 contains a server-side request forgery SSRF vulnerability in the active push function as \\apps\\tool\\apis\\bdpush.py does not securely filter user input through pushurls and geturls...

CVE-2024-44021

Missing Authorization vulnerability in truepushplugin Truepush truepush-free-web-push-notifications.This issue affects Truepush: from n/a through = 1.0.8...

CVE-2023-31794

MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdfmarklistpush. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted PDF file...

CVE-2023-26531

Cross-Site Request Forgery CSRF vulnerability in 闪电博 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 allows Cross Site Request Forgery.This issue affects 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条: from n/a through 4.2.7...

CVE-2023-32688

parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3...

CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...

CVE-2023-42541

Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id...

CVE-2023-42542

Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device...

CVE-2023-30736

Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required...

CVE-2022-45169

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

CVE-2022-24125

The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message to hundreds of thousands of machines is only restricted o...

CVE-2022-39870

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSHMESSAGERECEIVED broadcast...

CVE-2022-3610

The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-24334

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server...

CVE-2021-20846

Cross-site request forgery CSRF vulnerability in Push Notifications for WordPress Lite versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page...

CVE-2020-1387

An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'...

CVE-2020-1137

An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'...

CVE-2020-1017

An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0940, CVE-2020-1001, CVE-2020-1006...

CVE-2020-1016

An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory, aka 'Windows Push Notification Service Information Disclosure Vulnerability'...