Vulmon
activity vulnerabilities and exploits
NA
CVE-2024-0034
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
NA
CVE-2024-0035
In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi...
NA
CVE-2023-40106
In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
NA
CVE-2023-40109
In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
8.8
CVSSv3
CVE-2024-22859
Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4 allows remote malicious users to execute arbitrary code via the getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate clie...
Laravel Livewire
3.3
CVSSv3
CVE-2024-23211
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings.
Apple Macos
Apple Iphone Os
Apple Ipados
Apple Watchos
Apple Safari
9.8
CVSSv3
CVE-2023-23634
SQL Injection vulnerability in Documize version 5.4.2 allows remote malicious users to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint.
Documize Documize 5.4.2
5.4
CVSSv3
CVE-2023-27150
openCRX 5.2.0 contains a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity.
Opencrx Opencrx 5.2.0
6.8
CVSSv3
CVE-2023-49706
Defective request context handling in Self Service in LinOTP 3.x prior to 3.2.5 allows remote unauthenticated malicious users to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger...
Linotp Linotp
Linotp Virtual Appliance
5
CVSSv3
CVE-2023-50713
Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions before 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, creat...
Specklesystems Speckle Server