Total
1129 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56967 | 2025-01-28 | 6.5 Medium | ||
| An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56966 | 2025-01-28 | 6.5 Medium | ||
| An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56965 | 2025-01-28 | 6.5 Medium | ||
| An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56964 | 2025-01-28 | 6.5 Medium | ||
| An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guazi Used Car iOS 10.15.1 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56963 | 2025-01-28 | 6.5 Medium | ||
| An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56962 | 2025-01-28 | 6.5 Medium | ||
| An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56960 | 2025-01-28 | 6.5 Medium | ||
| An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56959 | 2025-01-28 | 6.5 Medium | ||
| An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56957 | 2025-01-28 | 6.5 Medium | ||
| An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56955 | 2025-01-28 | 6.5 Medium | ||
| An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56954 | 2025-01-28 | 6.5 Medium | ||
| An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56953 | 2025-01-28 | 6.5 Medium | ||
| An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link. | ||||
| CVE-2024-56952 | 2025-01-28 | 6.5 Medium | ||
| An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link. | ||||
| CVE-2024-56951 | 2025-01-28 | 6.5 Medium | ||
| An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56950 | 2025-01-28 | 6.5 Medium | ||
| An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56949 | 2025-01-28 | 6.5 Medium | ||
| An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56948 | 2025-01-28 | 6.5 Medium | ||
| An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56947 | 2025-01-28 | 6.5 Medium | ||
| An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2023-31134 | 1 Tauri | 1 Tauri | 2025-01-28 | 4.8 Medium |
| Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit arbitrary websites or due to a bug allowing the open redirect. This allows the external website access to the IPC layer and therefore to all configured and exposed Tauri API endpoints and application specific implemented Tauri commands. This issue has been patched in versions 1.0.9, 1.1.4, and 1.2.5. As a workaround, prevent arbitrary input in redirect features and/or only allow trusted websites access to the IPC. | ||||
| CVE-2023-25829 | 1 Esri | 1 Portal For Arcgis | 2025-01-28 | 6.1 Medium |
| There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | ||||