Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
activity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-23634
SQL Injection vulnerability in Documize version 5.4.2, allows remote malicious users to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint.
Documize Documize 5.4.2
NA
CVE-2023-27150
openCRX 5.2.0 exists to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity.
Opencrx Opencrx 5.2.0
NA
CVE-2023-49706
Defective request context handling in Self Service in LinOTP 3.x prior to 3.2.5 allows remote unauthenticated malicious users to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger...
Linotp Linotp
Linotp Virtual Appliance
NA
CVE-2023-50713
Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions before 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, creat...
Specklesystems Speckle Server
NA
CVE-2023-6542
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arb...
Sap Emarsys Sdk 3.6.2
NA
CVE-2023-42574
Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2 allows local malicious users to launch arbitrary activity in GameHomeCN.
Samsung Gamehomecn
NA
CVE-2023-40079
In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Google Android 14.0
NA
CVE-2023-40095
In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat...
Google Android 11.0
Google Android 12.0
Google Android 12.1
Google Android 13.0
Google Android 14.0
NA
CVE-2023-40809
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.
Opencrx Opencrx 5.2.0
NA
CVE-2023-40813
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation.
Opencrx Opencrx 5.2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627
CVE-2022-45803
CVE-2024-38319
camera
template injection
CVE-2024-27801
CVE-2024-0762
CVE-2024-5791
unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »