CVE-2025-25326 |
Description: An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user information via supplying a crafted link.
EPSS Score: 0.02%
February 27th, 2025 (5 months ago)
|
CVE-2025-25325 |
Description: An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via supplying a crafted link.
EPSS Score: 0.02%
February 27th, 2025 (5 months ago)
|
CVE-2025-25324 |
Description: An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a crafted link.
EPSS Score: 0.02%
February 27th, 2025 (5 months ago)
|
CVE-2025-25323 |
Description: An issue in Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS 14.22.0 allows attackers to access sensitive user information via supplying a crafted link.
EPSS Score: 0.02%
February 27th, 2025 (5 months ago)
|
![]() |
Description: miyako Claims to be Selling Access to an Unidentified Internet Service Provider in Bosnia
February 27th, 2025 (5 months ago)
|
CVE-2025-20060 |
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 8.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Dario Health
Equipment: USB-C Blood Glucose Monitoring System Starter Kit Android Application, Application Database and Internet-based Server Infrastructure
Vulnerabilities: Exposure of Private Personal Information to an Unauthorized Actor, Improper Output Neutralization For Logs, Storage of Sensitive Data In a Mechanism Without Access Control, Cleartext Transmission of Sensitive Information, Cross-site Scripting (XSS), Sensitive Cookie Without 'HttpOnly' Flag, Exposure of Sensitive Information Due To Incompatible Policies
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to expose information, inject code, manipulate data, or achieve cross-site scripting (XSS), resulting in full session compromise.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Dario Health products are affected:
USB-C Blood Glucose Monitoring System Starter Kit Android Applications: Versions 5.8.7.0.36 and prior
Dario Application Database and Internet-based Server Infrastructure: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 EXPOSURE OF PRIVATE PERSONAL INFORMATION TO AN UNAUTHORIZED ACTOR CWE-359
An attacker could expose cross-user Personal Identifiable Information (PII) and personal health information transmitted to the Android device via the Dario Health application database.
CVE-2025-20060 has been assigned to this vulnerability. A CVSS v3.1 ...
EPSS Score: 0.09%
February 27th, 2025 (5 months ago)
|
![]() |
Description: miyako Claims to be Selling Access to an Unidentified Chinese Computer Store
February 27th, 2025 (5 months ago)
|
![]() |
Description: It took about 24 hours for Alibaba’s Wan 2.1 to become popular in the AI porn community.
February 27th, 2025 (5 months ago)
|
![]() |
Description: Arikos Claims to be Selling the Data of OurSMS
February 27th, 2025 (5 months ago)
|
![]() |
Description: The Belgian federal prosecutor's office is investigating whether Chinese hackers were behind a breach of the country's State Security Service (VSSE). [...]
February 27th, 2025 (5 months ago)
|