Lucene search
K

16 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 3:8 p.m.12 views

Malicious code in @nutui/nutui-react-taro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71ad42f4bfd953311c2d69f622cc6e8d5193a8852ac0bbc9ea0781ac6b651390 The package's postinstall.js invokes execSync'npm-usage-stats disable' and execSync'npm-usage-stats', stdio: 'inherit' . The npm-usage-stats bin is...

6.4AI score
Exploits0References1
OSV
OSV
added 2026/05/20 3:8 p.m.14 views

MAL-2026-4409 Malicious code in @nutui/nutui-react-taro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71ad42f4bfd953311c2d69f622cc6e8d5193a8852ac0bbc9ea0781ac6b651390 The package's postinstall.js invokes execSync'npm-usage-stats disable' and execSync'npm-usage-stats', stdio: 'inherit' . The npm-usage-stats bin is...

6.4AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/20 3:13 a.m.2 views

CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...

5.3CVSS5.7AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-25524

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.00105EPSS
Exploits0References1
OSV
OSV
added 2025/06/23 3:15 p.m.4 views

CVE-2025-52877

In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible...

4.8CVSS5.8AI score0.14147EPSS
Exploits0References1
CNVD
CNVD
added 2023/11/01 12:0 a.m.12 views

Google Android Information Disclosure Vulnerability (CNVD-2023-99048)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that is caused by a flaw in the Usage Stats Service. An attacker can exploit this vulnerability to obtain sensitive information...

5.5CVSS6AI score0.00105EPSS
Exploits0References1
NVD
NVD
added 2023/10/30 5:15 p.m.19 views

CVE-2022-20264

In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS5.1AI score0.00105EPSS
Exploits0References1
OSV
OSV
added 2023/10/30 5:15 p.m.3 views

CVE-2022-20264

In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS5.9AI score0.00105EPSS
Exploits0References1
Prion
Prion
added 2023/10/30 5:15 p.m.20 views

Information disclosure

In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

1.7CVSS5.6AI score0.00105EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/30 4:18 p.m.29 views

CVE-2022-20264

In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

6AI score0.00105EPSS
Exploits0References1
CVE
CVE
added 2023/10/30 4:18 p.m.65 views

CVE-2022-20264

CVE-2022-20264 affects Android’s Usage Stats Service . The vulnerability describes a side-channel disclosure that can reveal whether an app is installed without requiring query permissions. The resulting exposure is a local information disclosure with no additional execution privileges, and explo...

5.5CVSS5.6AI score0.00105EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/30 4:18 p.m.25 views

CVE-2022-20264

In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

6.1AI score0.00105EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/10/30 12:0 a.m.5 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that is caused by a flaw in the Usage Stats Service. An attacker can exploit this vulnerability to obtain sensitive information...

5.5CVSS6AI score0.00105EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/30 12:0 a.m.6 views

PT-2023-12642 · Unknown · Usage Stats Service

Name of the Vulnerable Software and Affected Versions: Usage Stats Service affected versions not specified Description: The issue allows an attacker to determine whether an app is installed without query permissions due to side channel information disclosure. This could lead to local information...

5.5CVSS6.1AI score0.00105EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/02/11 6:15 p.m.3 views

CVE-2021-39619

In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.2AI score0.00133EPSS
Exploits0References2
Cvelist
Cvelist
added 2005/07/14 4:0 a.m.23 views

CVE-2002-2057

TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/memberlog.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'...

6.4AI score0.01649EPSS
Exploits1References4
Rows per page
Query Builder