16 matches found
CVE-2024-29074
OpenHarmony v3.2.4 and prior versions allow a local attacker to execute arbitrary code in any app through improper input...
CVE-2024-29074
OpenHarmony v3.2.4 and earlier are affected by CVE-2024-29074, which allows a local attacker to execute arbitrary code in any app due to improper input validation. This is a local, high-severity issue with potential full control over targeted apps as indicated by CVSS metrics (AV:L, AC:L, PR:L, U...
CVE-2024-21834
Summary of CVE-2024-21834 (OpenHarmony): OpenHarmony v3.2.4 and earlier versions contain a vulnerability that allows a local attacker to cause applications to crash due to a type confusion issue. The impact is described as availability loss (app crashes) with a local attack vector and low privile...
CVE-2023-46708
OpenHarmony v3.2.4 and prior versions allow a local attacker to execute arbitrary code in any app through use after free...
Out-of-bounds
OpenHarmony v3.2.4 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read...
CVE-2024-21826
OpenHarmony has a local-information-disclosure vulnerability (CVE-2024-21826) affecting v3.2.4 and earlier, attributed to insecure storage in the Huks component. A local attacker can access sensitive data due to improper storage protections. Remediation: upgrade to a version newer than 3.2.4; a t...
CVE-2023-49602
CVE-2023-49602 affects OpenHarmony v3.2.4 and earlier. The underlying issue is a type confusion in ArkUI-related code that can be triggered by a local attacker, causing apps to crash. Public references consistently describe the impact as a local crash with no broader compromise described in the p...
CVE-2023-25176 Pasteboard has an out-of-bounds read vulnerability
OpenHarmony v3.2.4 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read...
CVE-2023-25176
CVE-2023-25176 affects OpenHarmony v3.2.4 and prior versions. The issue is an information leak via an out-of-bounds read in the pasteboard/local pathway, exploitable by a local attacker. Root cause: out-of-bounds read leading to confidentiality impact. Impact is described as informati...
CVE-2023-43756
OpenHarmony v3.2.4 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read...
Out-of-bounds
OpenHarmony v3.2.4 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read...
CVE-2023-49118 Dsoftbus has an out-of-bounds read vulnerability
OpenHarmony v3.2.4 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read...
CVE-2022-4930
A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.5 is able to...
Gym Management System 1.0 SQL Injection
Exploit Title: Gym Management System 1.0 - Authentication Bypass Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html Software Link:...
Car Park Management System 1.0 SQL Injection
Exploit Title: Car Park Management System 1.0 - Authentication Bypass Date: 2020-05-07 Exploit Author: Tarun Sehgal Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/car-park-management-system.zip Version: 1.0...
JVN#96493183: GROWI vulnerable to cross-site scripting
GROWI provided by WESEEK, Inc. contains a cross-site scripting vulnerability (CWE-79). The "Enable XSS prevention" settings option, which enables and disables the measures against cross-site scripting, was introduced in v3.1.12. However, there was an issue with the implementation where the...