12 matches found
CVE-2026-44698 Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app WebView window.externalApp on Android and...
iOS Workspace App 2501.10 - How to Fix Login Hang at "Stay Signed In" Prompt
Users of the Citrix Workspace app on iOS devices may experience a hang or freeze at the "Stay Signed In" prompt after adding their Citrix Cloud workspace URL. The app becomes unresponsive, preventing users from selecting either "Allow" or "Deny."...
Linux Distros Unpatched Vulnerability : CVE-2017-4966
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PC...
CVE-2024-54147 Altair GraphQL Client's desktop app does not validate HTTPS certificates
Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks eg. public wifi, malicious DNS servers may have all GraphQL...
Umbraco CMS Open Redirect Bypass Protection
Impact Umbraco have an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice, before the vulnerability is exposed. Affected Version = 8.18.5, = 10.5.0, = 12.0.0, = 13.0.0 Patches 8.18.14, 10.8.6, 12.3.10, 13.3.1...
USN-6265-1 rabbitmq-server vulnerability
It was discovered that RabbitMQ incorrectly handled certain signed-in user credentials. An attacker could possibly use this issue to expose sensitive information...
Debian DLA-2710-1 : rabbitmq-server - LTS security update
The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2710 advisory. - An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF...
grub2: Fail kernel validation without shim protocol
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim...
CVE-2017-18262
Blackboard Learn Since at least 17th of October 2017 has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI...
Facebook Brute Force with Customize Word Lists for Signed In Accounts
Brute Forcing is easy for Any Signed In Facebook Account at Firefox or Chrome. Usage Info Simple is that you just have to run on Developer Console of Google Chrome or Web Console of Firefox, Javascript Console of Safari, you name it. This is private exploit. You can buy it at https://0day.today...
PHP Gift Registry 1.5.5 - SQL Injection
PHP Gift Registry 1.5.5 - SQL Injection Exploit Title: PHP Gift Registry 1.5.5 SQL Injection Date: 02/22/12 Author: G13 Software Link: https://sourceforge.net/projects/phpgiftreg/ Version: 1.5.5 Category: webapps php Vulnerability The userid parameter in the users.php file is vulnerable to SQL...
Google Moving Gradually Toward Encrypted Search
Google is moving to make queries and results from the company’s immensely popular search engine encrypted by default in the coming weeks, but only for users signed into their Google Accounts. In a post on The Official Google Blog, the Mountain View based company claims signed-in users may begin...