8 matches found
EUVD-2026-14996
solidtime is an open-source time-tracking app. Prior to version 0.11.6, the project detail endpoint GET /api/v1/organizations/org/projects/project allows any authenticated Employee to access any project in the organization by UUID, including private projects they are not a member of. The index...
CVE-2026-28685
CVE-2026-28685: Kimai’s API endpoint GET /api/invoices/{id} lacked customer-level access control. Before v2.51.0, the API checked only the role-based view_invoice permission, allowing any user with ROLE_TEAMLEAD to read invoices for any customer, breaking data isolation. The Red Hat/NVD/NVD-...
AAT information disclosure vulnerability
AAT is a GPS tracking application by the individual developer bailuk. It is used for tracking physical activity with a focus on cycling. An information disclosure vulnerability exists in versions prior to AAT v1.26, which stems from being susceptible to data disclosure from a malicious application...
Fake COVID-19 Tracking App Spreads Punisher Ransomware
By Deeba Ahmed. Currently, the new campaign involving Punisher ransomware is targeting users in Chile. This is a post from HackRead.com.
Threat Source newsletter (Aug. 18, 2022) — Why aren't Lockdown modes the default setting on phones?
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. As the data privacy landscape gets increasingly murky, app developers and device manufacturers are finding new ways to shore up users’ personal information. Of course, all users have to do is go out of their way to...
PT-2020-13158 · Australian Government · Aus. Gov. Covid Tracking App
Name of the Vulnerable Software and Affected Versions: Aus. Gov. COVID tracking app (affected versions not specified). Description: The issue allows an attacker to track a target device even after the app is uninstalled. Recommendations: At the moment, there is no information about a newer version...
Short beacon analysis on the NHS iOS Tracking application
We recently helped the BBC with a piece on the new NHS COVID-19 tracking application. Concerns were raised by some about the ability for the app to track interactions while it was running in the background. There had been some discussion that suggested two iOS devices running the app whilst...
A week in security (March 25 – 31)
Last week, we looked at plugin vulnerabilities, location tracking app problems, and talked about plain text password woes. We also looked at federal data privacy regulation and took a deep dive into BatMobi Adware. Other cybersecurity news: Poisoned software update headache for ASUS. Source: The...