For individuals

The Dario Health portal service application is vulnerable to XSS, which could allow an attacker to obtain sensitive information.

An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database.

Unauthenticated log effects metrics gathering incident response efforts and potentially exposes risk of injection attacks (ex log injection).

The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality.

Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise.

Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data.

Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure.

Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the configname parameter on the /cbi_addcert.htm page.

Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the The ssid key of wifi_data parameter on the /captive_portal.htm page.

Manifest offers users a one-file micro back end. Prior to version 4.9.1, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a...