
8 matches found

EUVD
added 2026/03/24 7:30 p.m. | 6 views

EUVD-2026-14996

solidtime is an open-source time-tracking app. Prior to version 0.11.6, the project detail endpoint GET /api/v1/organizations/org/projects/project allows any authenticated Employee to access any project in the organization by UUID, including private projects they are not a member of. The index...

CVSS 6.5 | AI score 5.7 | EPSS 0.00416
Exploits: 1 | References: 3
CVE
added 2026/03/06 4:49 a.m. | 14 views

CVE-2026-28685

CVE-2026-28685 : Kimai’s API endpoint GET /api/invoices/{id} lacked customer-level access control. Before v2.51.0, the API checked only the role-based view_invoice permission, allowing any user with the ROLE_TEAMLEAD to read invoices for any customer, breaking data isolation. The Red Hat/NVD/NVD-...

CVSS 6.5 | AI score 5.8 | EPSS 0.00399
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2025/01/06 12:00 a.m. | 4 views

AAT Information Disclosure Vulnerability

AAT is a GPS tracking application by the individual developer bailuk. It is used for tracking physical activity with a focus on cycling. An information disclosure vulnerability exists in versions prior to AAT v1.26, which stems from being susceptible to data disclosure from a malicious application...

CVSS 5.5 | AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 1
HackRead
added 2022/11/29 6:16 p.m. | 26 views

Fake COVID-19 Tracking App Spreads Punisher Ransomware

By Deeba Ahmed. Currently, the new campaign involving Punisher ransomware is targeting users in Chile.

AI score 3.3
Exploits: 0
Talos Blog
added 2022/08/18 6:00 p.m. | 15 views

Threat Source newsletter (Aug. 18, 2022) — Why aren't Lockdown modes the default setting on phones?

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. As the data privacy landscape gets increasingly murky, app developers and device manufacturers are finding new ways to shore up users’ personal information. Of course, all users have to do is go out of their way to...

AI score 8.1
Exploits: 0
Positive Technologies
added 2020/05/26 12:00 a.m. | 5 views

PT-2020-13158 · Australian Government · Aus. Gov. Covid Tracking App

Name of the Vulnerable Software and Affected Versions: Aus. Gov. COVID tracking app (affected versions not specified)
Description: The issue allows an attacker to track a target device even after the app is uninstalled.
Recommendations: At the moment, there is no information about a newer version...

AI score 9.2
Exploits: 0 | References: 5
Pen Test Partners Blog
added 2020/05/12 7:06 a.m. | 31 views

Short beacon analysis on the NHS iOS Tracking application

We recently helped the BBC with a piece on the new NHS COVID-19 tracking application. Concerns were raised by some about the ability for the app to track interactions while it was running in the background. There had been some discussion that suggested two iOS devices running the app whilst...

AI score 6.6
Exploits: 0
Malwarebytes
added 2019/04/01 8:24 a.m. | 78 views

A week in security (March 25 – 31)

Last week, we looked at plugin vulnerabilities, location tracking app problems, and talked about plain text password woes. We also looked at federal data privacy regulation and took a deep dive into BatMobi Adware. Other cybersecurity news: Poisoned software update headache for ASUS (Source: The...

AI score 0.3
Exploits: 0