Aggregator

CVE-2025-9097 | Euro Information CIC banque et compte en ligne App 12.56.0 on Android com.cic_prod.bad AndroidManifest.xml improper export of android application components

VulDB Recent Entries
3 weeks 6 days ago
A vulnerability classified as problematic was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.cic_prod.bad. The manipulation results in improper export of android application components. This vulnerability was named CVE-2025-9097. The attack needs to be approached locally. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-9096 | ExpressGateway express-gateway up to 1.16.10 REST Endpoint lib/rest/routes/apps.js cross site scripting (EUVD-2025-25106)

VulDB Recent Entries
3 weeks 6 days ago
A vulnerability classified as problematic has been found in ExpressGateway express-gateway up to 1.16.10. This impacts an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-9096. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-9095 | ExpressGateway express-gateway up to 1.16.10 REST Endpoint lib/rest/routes/users.js cross site scripting

VulDB Recent Entries
3 weeks 6 days ago
A vulnerability described as problematic has been identified in ExpressGateway express-gateway up to 1.16.10. This affects an unknown function in the library lib/rest/routes/users.js of the component REST Endpoint. Executing manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2025-9095. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-9094 | ThingsBoard 4.1 Add Gateway special elements used in a template engine (EUVD-2025-25105)

VulDB Recent Entries
3 weeks 6 days ago
A vulnerability marked as critical has been reported in ThingsBoard 4.1. The impacted element is an unknown function of the component Add Gateway Handler. Performing manipulation results in improper neutralization of special elements used in a template engine. This vulnerability is known as CVE-2025-9094. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor replies, that "[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0)."
vuldb.com

CVE-2025-9093 | BuzzFeed App 2024.9 on Android com.buzzfeed.android AndroidManifest.xml improper export of android application components

VulDB Recent Entries
3 weeks 6 days ago
A vulnerability labeled as problematic has been found in BuzzFeed App 2024.9 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.buzzfeed.android. Such manipulation leads to improper export of android application components. This vulnerability is traded as CVE-2025-9093. An attack has to be approached locally. Furthermore, there is an exploit available.
vuldb.com

Managed ad