CVE-2025-68400
ChurchCRM prior to v6.5.3 is affected by a SQL Injection in the legacy endpoint /Reports/ConfirmReportEmail.php. The issue arises from an unvalidated familyId parameter in a historically removed UI feature that remains reachable directly (dead but reachable code). Any authenticated user, even wit...
CVE-2023-34165
Unauthorized access vulnerability in the Save for later feature provided by AI Touch. Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions...
Design/Logic Flaw
Unauthorized access vulnerability in the Save for later feature provided by AI Touch. Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions...
Android new attack: Google Voice Search attack - vulnerability warning - the black bar safety net
Researchers at the Chinese University of Hong Kong describe, in a paper (PDF) posted on a preprint website, a novel permission-bypass attack method: the Google Voice Search attack. An attacker can leverage a zero-permission Android app, VoicEmployer, to activate in the foreground the operating system's built-in voice...