26 matches found
CVE-2026-27974 Audiobookshelf Vulnerable to Stored XSS in WrappingMarquee.js via Audiobook Metadata (Mobile App Audio Player)
Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modificatio...
EUVD-2021-10845
Malware in sbrugna...
EUVD-2018-0178
Malware in sbrugna...
SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids
A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories. "These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashou...
MAL-2024-1550 Malicious code in vue2-webviews (npm)
Source: ghsa-malware 95a66e858fcc284e27c0e0ac5e2d76de3b0f6c670ac21a185369832d45f40f5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vue2-webviews (npm)
Source: ghsa-malware 95a66e858fcc284e27c0e0ac5e2d76de3b0f6c670ac21a185369832d45f40f5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vue-webviews (npm)
Source: ghsa-malware 1a4cb498523fdac707f6db2f94f8c3478545fcec92545e4a59dff966b9cbaa87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1549 Malicious code in vue-webviews (npm)
Source: ghsa-malware 1a4cb498523fdac707f6db2f94f8c3478545fcec92545e4a59dff966b9cbaa87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-26386 · Tauri · Tauri
Name of the Vulnerable Software and Affected Versions: Tauri versions prior to 1.6.7; Tauri versions prior to 2.0.0-beta.19. Description: The issue allows remote origin iFrames in Tauri applications to access the Tauri IPC endpoints without being explicitly allowed. This bypasses the origin check a...
(Pwn2Own) Microsoft Teams WebView Incorrect Privilege Assignment Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. No user interaction is required if the attacker and target are in the same Teams organization and are both participants in a meeting. The specific flaw exists within handling of...
CVE-2021-23922
An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews...
Cross site scripting
An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews...
Devolutions Remote Desktop Manager Cross-Site Scripting Vulnerability
Devolutions Remote Desktop Manager is a remote desktop management tool that centralizes all remote connections on a platform that is securely shared between users and across teams. A cross-site scripting vulnerability exists in webviews in Devolutions Remote Desktop Manager versions prior to...
InjuredAndroid - A Vulnerable Android Application That Shows Simple Examples Of Vulnerabilities In A CTF Style
A vulnerable Android application with CTF examples based on bug bounty findings, exploitation concepts, and pure creativity. Setup for a physical device: 1. Download injuredandroid.apk from GitHub. 2. Enable USB debugging on your Android test phone. 3. Connect your phone and your PC with a USB cabl...
CVE-2016-10581
CVE-2016-10581 concerns the Steroids library (PhoneGap on Steroids), which downloads zipped resources over HTTP. The description states this makes it vulnerable to MITM attacks and, if an attacker can position themselves between the user and the server, may allow remote code execution by swapping...
GitHub Electron Webviews Command Execution Vulnerability
GitHub Electron (formerly known as Atom Shell) is a set of web-based cross-platform desktop application development tools maintained by the US company GitHub. Webviews is one of its web view interfaces. A security vulnerability exists in Webviews in GitHub Electron versio...
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
A vulnerability has been discovered which allows Node.js integration to be re-enabled in some Electron applications that disable it. For the application to be impacted by this vulnerability, it must meet all of these conditions: - Runs on Electron 1.7, 1.8, or a 2.0.0-beta - Allows execution of...
CVE-2018-1000136
Electron versions 1.7 up to 1.7.12, 1.8 up to 1.8.3, and 2.0.0 up to 2.0.0-beta.3 contain an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appears to be exploitable via an app which allows execution of 3rd party code AND disallows node...