CVE-2024-43137 – WordPress WappPress Basic plugin <= 6.0.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-43137
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WappPress Team WappPress allows Stored XSS.This issue affects WappPress: from n/a through 6.0.4. The WappPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 6.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. • https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-basic-plugin-6-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-7014 – Improper multimedia file attachment validation in Telegram for Android app
https://notcve.org/view.php?id=CVE-2024-7014
EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older. La vulnerabilidad de EvilVideo permite enviar aplicaciones maliciosas disfrazadas de videos en la aplicación Telegram para Android que afecta las versiones 10.14.4 y anteriores. • https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android • CWE-20: Improper Input Validation •
CVE-2024-38758 – WordPress WappPress plugin <= 6.0.4 - Blind Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-38758
Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 6.0.4. Vulnerabilidad de Server-Side Request Forgery (SSRF) en WappPress Team WappPress. Este problema afecta a WappPress: desde n/a hasta 6.0.4. The WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-plugin-6-0-4-blind-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-49815 – WordPress WappPress plugin <= 5.0.3 - Unauthenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2023-49815
Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en WappPress Team WappPress. Este problema afecta a WappPress: desde n/a hasta 5.0.3. The WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 5.0.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-plugin-5-0-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-36689
https://notcve.org/view.php?id=CVE-2021-36689
An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation. • https://code.samourai.io/wallet/samourai-wallet-android/-/blob/develop/app/src/main/java/com/samourai/wallet/PinEntryActivity.java#L302 https://vrls.ws/posts/2021/08/samourai-wallet-bitcoin-pin-authentication-bypass-crypto • CWE-521: Weak Password Requirements •