
10963 matches found

Cvelist
added 2022/05/30 1:46 p.m. · 27 views

CVE-2022-28799

The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click...

AI score 8.6 · EPSS 0.1553
Exploits 0 · References 3

Positive Technologies
added 2022/05/30 12:0 a.m. · 5 views

PT-2022-19245 · Bytedance +1 · Tiktok +1

Name of the Vulnerable Software and Affected Versions: TikTok application before 23.7.3 for Android Description: The issue allows account takeover through a crafted URL that can force the com.zhiliaoapp.musically WebView to load an arbitrary website, potentially leveraging an attached JavaScript...

CVSS 8.8 · AI score 8.5 · EPSS 0.1553
Exploits 0 · References 11

Zero Day Initiative
added 2022/04/05 12:0 a.m. · 13 views

(0Day) (Pwn2Own) Samsung Galaxy S21 Exposed Dangerous Method Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within Web...

CVSS 6.1 · AI score 4.9
Exploits 0

ICS
added 2022/03/29 12:0 a.m. · 49 views

Hitachi Energy LinkOne WebView

1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: LinkOne WebView Vulnerabilities: Cross-site Scripting, Use of a Password System for Primary Authentication, Configuration, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK...

CVSS 7.5 · AI score 5.9 · EPSS 0.00725
Exploits 0 · References 5

CNVD
added 2022/03/18 12:0 a.m. · 19 views

Bosch Video Security Code Injection Vulnerability

Bosch Video Security is a video security system from Bosch, Germany. Used to connect to Bosch IP cameras and encoders from around the world, experience instant video playback, full access to your recordings, forensic search of cameras with Bosch video analytics support, and smooth control of PTZ...

CVSS 4.3 · AI score 6.3 · EPSS 0.00562
Exploits 0 · Affected Software 1

CNVD
added 2022/03/14 12:0 a.m. · 16 views

Samsung Bixby Touch Access Control Error Vulnerability

An access control error vulnerability exists in Samsung Bixby Touch, a virtual intelligent assistant for Samsung mobile devices, which stems from a failure to properly restrict access to resources from unauthorized roles in Bixby Touch. An attacker could exploit the vulnerability to allow untrust...

CVSS 4 · AI score 2.4 · EPSS 0.00225
Exploits 0 · References 1

OSV
added 2022/03/10 5:47 p.m. · 4 views

CVE-2022-25824

Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...

CVSS 3.3 · AI score 5.9 · EPSS 0.00225
Exploits 0 · References 1

ATTACKERKB
added 2022/03/10 5:47 p.m. · 19 views

CVE-2022-25824

Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...

CVSS 4 · AI score 6 · EPSS 0.00225
Exploits 0 · References 2

NVD
added 2022/03/10 5:47 p.m. · 19 views

CVE-2022-25824

Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...

CVSS 4 · EPSS 0.00225
Exploits 0 · References 1

Prion
added 2022/03/10 5:47 p.m. · 15 views

Improper access control

Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...

CVSS 2.1 · AI score 4.2 · EPSS 0.00225
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2022/03/10 12:0 a.m. · 4 views

Samsung Bixby Touch Security Vulnerability

An access control error vulnerability exists in Samsung Bixby Touch, a virtual intelligent assistant for Samsung mobile devices, which stems from a failure to properly restrict access to resources from unauthorized roles in Bixby Touch. An attacker could exploit the vulnerability to allow untrust...

CVSS 4 · AI score 5.7 · EPSS 0.00225
Exploits 0 · References 2

Cvelist
added 2022/03/08 1:47 p.m. · 25 views

CVE-2022-25824

Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...

CVSS 4 · AI score 4.7 · EPSS 0.00225
Exploits 0 · References 1

Positive Technologies
added 2022/03/08 12:0 a.m. · 5 views

PT-2022-17550 · Samsung · Bixbytouch

Name of the Vulnerable Software and Affected Versions: BixbyTouch versions prior to 2.2.00.6 Description: The issue is related to improper access control, allowing untrusted applications to load arbitrary URL and local files in webview. Recommendations: For versions prior to 2.2.00.6, update to...

CVSS 4 · AI score 3.9 · EPSS 0.00225
Exploits 0 · References 2

Hacker One
added 2022/03/04 12:17 p.m. · 33 views

TikTok: One Click Account Hijacking via Unvalidated Deeplink

A WebView Hijacking vulnerability was found on the TikTok Android application via an un-validated deeplink on an un-sanitized parameter. This could have resulted in account hijacking through a JavaScript interface. We thank @fr4via for reporting this to our team...

AI score 1.5
Exploits 0

BDU FSTEC
added 2022/03/01 12:0 a.m. · 5 views

The vulnerability of the cordova-plugin-ionic-webview plugin, related to deficiencies in path name restrictions, allows attackers to gain access to arbitrary files.

The vulnerability of the cordova-plugin-ionic-webview plugin is related to deficiencies in path name restrictions for directories. Exploiting this vulnerability could allow an attacker to gain access to arbitrary files...

CVSS 8.6 · AI score 6.6 · EPSS 0.03305
Exploits 0 · References 5 · Affected Software 1

NVD
added 2022/02/11 6:15 p.m. · 46 views

CVE-2022-24923

Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...

CVSS 4 · EPSS 0.00215
Exploits 0 · References 1

ATTACKERKB
added 2022/02/11 6:15 p.m. · 7 views

CVE-2022-24923

Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...

CVSS 4 · AI score 5.9 · EPSS 0.00215
Exploits 0 · References 2

Prion
added 2022/02/11 6:15 p.m. · 12 views

Improper access control

Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...

CVSS 2.1 · AI score 4.2 · EPSS 0.00215
Exploits 0 · References 1 · Affected Software 1

CVE
added 2022/02/11 5:40 p.m. · 77 views

CVE-2022-24923

CVE-2022-24923 affects Samsung SearchWidget prior to 2.3.00.6 on China models. Root cause: improper access control that allows untrusted applications to load arbitrary URLs and local files in a webview. Affected version range: before 2.3.00.6. Remediation: update to version 2.3.00.6 or later. Not...

CVSS 4 · AI score 4.1 · EPSS 0.00215
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/02/11 5:40 p.m. · 44 views

CVE-2022-24923

Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...

CVSS 4 · AI score 4.7 · EPSS 0.00215
Exploits 0 · References 1