
CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WappPress Team WappPress allows Stored XSS. This issue affects WappPress: from n/a through 6.0.4. The WappPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 6.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject ar... • https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-basic-plugin-6-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 30% • CPEs: 1 • EXPL: 2

23 Jul 2024 — The EvilVideo vulnerability allows sending malicious apps disguised as videos in the Telegram for Android application, affecting versions 10.14.4 and older. • https://github.com/hexspectrum1/CVE-2024-7014 • CWE-20: Improper Input Validation

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Jul 2024 — Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress. This issue affects WappPress: from n/a through 6.0.4. The WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.4. This makes it possible for au... • https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-plugin-6-0-4-blind-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Dec 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress. This issue affects WappPress: from n/a through 5.0.3. The WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all ver... • https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-plugin-5-0-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Mar 2023 — An issue was discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i that allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation. • https://code.samourai.io/wallet/samourai-wallet-android/-/blob/develop/app/src/main/java/com/samourai/wallet/PinEntryActivity.java#L302 • CWE-521: Weak Password Requirements

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Dec 2022 — A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. • https://github.com/Calsign/APDE/commit/c6d64cbe465348c1bfd211122d89e3117afadecf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jan 2022 — decoding.c in android-gif-drawable before 1.2.24 does not limit the maximum length of a comment, leading to denial of service. • https://github.com/koral--/android-gif-drawable/commit/9f0f0c89e6fa38548163771feeb4bde84b828887

CVSS: 8.8 • EPSS: 79% • CPEs: 2 • EXPL: 22

03 Oct 2019 — A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image. • https://packetstorm.news/files/id/154867 • CWE-415: Double Free

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Jun 2018 — node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks. • https://nodesecurity.io/advisories/234 • CWE-310: Cryptographic Issues • CWE-311: Missing Encryption of Sensitive Data

CVSS: 9.8 • EPSS: 47% • CPEs: 1 • EXPL: 3

07 Mar 2017 — Vulnerability in WordPress plugin wp2android-turn-wp-site-into-android-app v1.1.4. The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. The Wp2android plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/server/images.php file in versions u... • https://packetstorm.news/files/id/141676 • CWE-434: Unrestricted Upload of File with Dangerous Type