30 matches found
EUVD-2021-13244
Malware in sbrugna...
GHSA-9CWV-PXCR-HFJC LF Edge eKuiper Vulnerable to Stored XSS in Configuration Key Functionality
Summary: Stored Cross-Site Scripting (XSS) vulnerability allows attackers to inject malicious scripts into web applications, which can then be executed in the context of other users' browsers. This can lead to unauthorized access to sensitive information, session hijacking, and spreading of malware,...
GHSA-6HRW-X7PR-4MP8 LF Edge eKuiper allows Stored XSS in Rules Functionality
Summary: Stored Cross-Site Scripting (XSS) vulnerability allows attackers to inject malicious scripts into web applications, which can then be executed in the context of other users' browsers. This can lead to unauthorized access to sensitive information, session hijacking, and spreading of malware,...
CVE-2025-0055 Information Disclosure vulnerability in SAP GUI for Windows
SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim's user directory on the Operating System level would be able to read this data. Depending on the user input provided in...
CVE-2024-44158
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. A shortcut may output sensitive user data without consent...
CVE-2023-7198 WPDashboardNotes < 1.0.11 - Unauthorised Deletion of Private Notes
The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References (IDOR) in the postid= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of...
CVE-2023-7198
The WP Dashboard Notes WordPress plugin (versions
CVE-2024-24548
CVE-2024-24548 affects Payment EX Ver1.1.5b and earlier. The issue is an information disclosure vulnerability that allows a remote unauthenticated attacker to obtain the information of the user who purchases merchandise using Payment EX. Documented across NVD, JVN, Red Hat, CNVD, and others, the ...
CVE-2023-24881 Microsoft Teams Information Disclosure Vulnerability
...
CVE-2023-34106
CVE-2023-34106 affects GLPI: versions starting from 0.68 up to 10.0.7/10.0.8 expose a rights check flaw on a file accessible to authenticated users, allowing access to the list of all users and their personal information. The advisory explicitly recommends upgrading to 10.0.8 for the patch. Conne...
CVE-2023-2623
CVE-2023-2623 affects the KiviCare WordPress plugin prior to 3.2.1. The flaw allows low-privilege users (e.g., subscribers) to retrieve other users’ sensitive data (e.g., email, hashed passwords) due to insufficient response data filtering. Root cause: information disclosure through unrestricted ...
A Secure User Authentication Method – Planning is More Important than Ever
When considering authentication providers, many organizations consider the ease of configuration, ubiquity of usage, and technical stability. Organizations cannot always be judged on those metrics alone. There is an increasing need to evaluate company ownership, policies and the stability, or...
Mantis Bug Tracker 2.24.3 - 'access' SQL Injection
Exploit Title: Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Date: 30/12/2020 Exploit Author: EthicalHCOP Vendor Homepage: https://www.mantisbt.org/ Version: 2.24.3 CVE: CVE-2020-28413 import requests, sys, time from lxml import etree proxies = "http": "http://127.0.0.1:8080", "https":...
Design/Logic Flaw
The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users' data...
AVideo Platform 8.1 - Information Disclosure (User Enumeration)
Exploit Title: AVideo Platform 8.1 - Information Disclosure (User Enumeration) Dork: N/A Date: 2020-02-05 Exploit Author: Ihsan Sencan Vendor Homepage: https://avideo.com Software Link: https://github.com/WWBN/AVideo Version: 8.1 Tested on: Linux CVE: N/A POC: 1...
Data collectors
Who owns data owns the world. And with the Internet taking over much of our daily lives, it has become far easier and faster to receive, collect, and analyze data. The average user cannot even imagine how much data gets collected on them. Besides technical information for example, about a...
Grindr Poses National Security Risk, U.S. Gov Says
UPDATE: The Committee on Foreign Investment in the United States (CFIUS) has named the ownership of popular gay dating app Grindr a national security risk, according to a report. Grindr describes itself as "the world's largest social networking app for gay, bisexual, transgender and queer people." A...
Google Play Cracks Down on Malicious Apps
Google Play is ramping up its offensive against malicious apps, which have continued to plague the official app store for Android devices over the years. In a Wednesday post, Andrew Ahn, product manager at Google Play, said that the number of app submissions that were rejected on the app...
Google to Encrypt Android Cloud Backups With Your Lock Screen Password
In an effort to secure users' data while maintaining privacy, Google has announced a new security measure for the Android Backup Service that now encrypts all your backup data stored on its cloud servers in a way that even the company can't read it. Google allows Android users to automatically back up...