29 matches found
ASB-A-365086157
In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-14909
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...
EUVD-2019-7220
Malware in sbrugna...
EUVD-2017-3986
Malware in sbrugna...
EUVD-2019-3431
Malware in sbrugna...
EUVD-2007-0797
Malware in sbrugna...
EUVD-2019-9430
Malware in sbrugna...
EUVD-2018-4463
Malware in sbrugna...
EUVD-2022-5707
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2024-32870
Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info name, version and parameters can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are...
CVE-2022-20004
In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2021-29025
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/myimages.php URI...
CVE-2018-14012
WolfSight CMS 3.2 allows SQL injection via the PATHINFO to the default URI...
smallrye-fault-tolerance: SmallRye Fault Tolerance
A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue...
CVE-2024-52598
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1: an SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the...
PT-2022-14251 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12L. Description: The issue is related to improper input validation in the checkSlicePermission function of SliceManagerService.java, allowing access to any slice URI. This could lead to local...
CVE-2020-28937
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI...
CVE-2019-11730
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...
Security vulnerabilities fixed in Firefox ESR 60.8 — Mozilla
As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. When an inner window is reused, it does not consider the use of document.domain for cross-origin...
Security vulnerabilities fixed in Firefox 68 — Mozilla
As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. When an inner window is reused, it does not consider the use of document.domain for cross-origin...