Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the s
Access control vulnerability in the SystemUI module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
A vulnerability, which was classified as problematic, was found in Caixin News App 8.0.1 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.caixin.news. T
In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio
Vulnerability of insufficient information protection in the media library module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a ma
Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may
Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information.
Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access to hidden notification contents.
A vulnerability classified as problematic has been found in IDnow App up to 9.6.0 on Android. This affects an unknown part of the file AndroidManifest.xml of the component de.idnow. The manipulation l
In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional executio
A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties.
A malicious authenticated user with adminis
CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete
control of the device when an authenticated user installs malicious code into HMI product.
Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts
Vulnerability of improper authentication logic implementation in the file system module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023
SP1 and prior that, if exploited, could allow an authenticated attacker
(with privileges to create/update annotations or
A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper au
Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with system privilege.
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been declared as critical. Affected by this vulnerability is the function findUser of the file wetech-cms-master\wetech-core\src\main\j
An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Infor