CVE-2022-28799
The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click...
PT-2022-19245 · Bytedance +1 · Tiktok +1
Name of the Vulnerable Software and Affected Versions: TikTok application before 23.7.3 for Android. Description: The issue allows account takeover through a crafted URL that can force the com.zhiliaoapp.musically WebView to load an arbitrary website, potentially leveraging an attached JavaScript...
(0Day) (Pwn2Own) Samsung Galaxy S21 Exposed Dangerous Method Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within Web...
Hitachi Energy LinkOne WebView
1. EXECUTIVE SUMMARY: CVSS v3 4.2; ATTENTION: Exploitable remotely; Vendor: Hitachi Energy; Equipment: LinkOne WebView; Vulnerabilities: Cross-site Scripting, Use of a Password System for Primary Authentication, Configuration, Exposure of Sensitive Information to an Unauthorized Actor. 2. RISK...
Bosch Video Security Code Injection Vulnerability
Bosch Video Security is a video security system from Bosch, Germany. It is used to connect to Bosch IP cameras and encoders from around the world, experience instant video playback, full access to your recordings, forensic search of cameras with Bosch video analytics support, and smooth control of PTZ...
Samsung Bixby Touch Access Control Error Vulnerability
An access control error vulnerability exists in Samsung Bixby Touch, a virtual intelligent assistant for Samsung mobile devices, which stems from a failure to properly restrict access to resources from unauthorized roles in Bixby Touch. An attacker could exploit the vulnerability to allow untrust...
CVE-2022-25824
Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...
Improper access control
Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...
Samsung Bixby Touch Security Vulnerability
An access control error vulnerability exists in Samsung Bixby Touch, a virtual intelligent assistant for Samsung mobile devices, which stems from a failure to properly restrict access to resources from unauthorized roles in Bixby Touch. An attacker could exploit the vulnerability to allow untrust...
PT-2022-17550 · Samsung · Bixbytouch
Name of the Vulnerable Software and Affected Versions: BixbyTouch versions prior to 2.2.00.6. Description: The issue is related to improper access control, allowing untrusted applications to load arbitrary URL and local files in webview. Recommendations: For versions prior to 2.2.00.6, update to...
TikTok: One Click Account Hijacking via Unvalidated Deeplink
A WebView Hijacking vulnerability was found on the TikTok Android application via an un-validated deeplink on an un-sanitized parameter. This could have resulted in account hijacking through a JavaScript interface. We thank @fr4via for reporting this to our team...
The vulnerability of the cordova-plugin-ionic-webview plugin, related to deficiencies in path name restrictions, allows attackers to gain access to arbitrary files.
The vulnerability of the cordova-plugin-ionic-webview plugin is related to deficiencies in path name restrictions for directories. Exploiting this vulnerability could allow an attacker to gain access to arbitrary files...
CVE-2022-24923
Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...
Improper access control
Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...
CVE-2022-24923
CVE-2022-24923 affects Samsung SearchWidget prior to 2.3.00.6 on China models. Root cause: improper access control that allows untrusted applications to load arbitrary URLs and local files in a webview. Affected version range: before 2.3.00.6. Remediation: update to version 2.3.00.6 or later. Not...