Lucene search
K

95693 matches found

HackRead
HackRead
added 3 days ago4 views

Why Unity Remains the Most Popular Engine for Mobile Games

Learn why Unity is still a trusted engine for mobile games, from faster prototyping and Android and iOS support to tools that help studios scale after releases...

6AI score
Exploits0
The Hacker News
The Hacker News
added 3 days ago14 views

RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service

A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service. It lets even low-skill criminals take over a victim's phone, steal their banking logins, and capture the one-time codes that protect their accounts. Zimperium's zLabs, which found th...

6.1AI score
Exploits0
OSV
OSV
added 3 days ago5 views

PYSEC-2026-1668 MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field

Summary A Stored Cross-site Scripting XSS vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The android:host attribute from elements is rendered in HTML reports without...

8.1CVSS6.2AI score0.0031EPSS
Exploits1References7
PyPA
PyPA
added 3 days ago5 views

MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field

SummaryA Stored Cross-site Scripting XSS vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The android:host attribute from elements is rendered in HTML reports without...

8.1CVSS6.2AI score0.0031EPSS
Exploits1References7Affected Software1
OSV
OSV
added 3 days ago4 views

PYSEC-2026-1675 Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

Vulnerable MobSF Versions: .svg This file becomes publicly accessible via the web interface at: http://127.0.0.1:8081/download/filename.svg If the SVG contains embedded JavaScript e.g., an XSS payload, accessing this URL via a browser leads to the execution of the script in the context of the Mob...

6.9CVSS5.9AI score0.00251EPSS
Exploits1References6
OSV
OSV
added 3 days ago4 views

PYSEC-2026-1671 Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack

Vulnerable MobSF Versions: = v4.3.2 Details: MobSF is a widely adopted mobile application security testing tool used by security teams across numerous organizations. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web application...

6.8CVSS6AI score0.00411EPSS
Exploits1References6
PyPA
PyPA
added 3 days ago5 views

Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack

Vulnerable MobSF Versions: = v4.3.2Details:MobSF is a widely adopted mobile application security testing tool used by security teams across numerous organizations. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications...

6.8CVSS6AI score0.00411EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 3 days ago5 views

Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

Vulnerable MobSF Versions: = v4.3.2CVSS V4.0 Score: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:NDetails:A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions ≤ 4.3.2. The vulnerability arises from improper sanitization of user-supplied SVG...

8.6CVSS5.9AI score0.00251EPSS
Exploits1References6Affected Software1
Malwarebytes
Malwarebytes
added 3 days ago5 views

Fake Netflix, Coca-Cola, and FIFA job scams target marketers

Attackers are impersonating major companies and recruiters to target marketing professionals, using trusted services and browser tricks to make the scam look legitimate. A BleepingComputer article detailing the campaign found at least 34 domains impersonating high-value companies, including...

5.8AI score
Exploits0
OSV
OSV
added 3 days ago3 views

PYSEC-2026-2066 yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)

Summary The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in --exec, alo...

8.3CVSS6.1AI score0.01254EPSS
Exploits1References11
PyPA
PyPA
added 3 days ago3 views

yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)

SummaryThe patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes.However, this escaping is not sufficient, and still allows expansion of environment variables.Support for output template expansion in --exec, along...

9.8CVSS7.2AI score0.01254EPSS
Exploits1References11Affected Software1
PyPA
PyPA
added 3 days ago2 views

yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`

Impactyt-dlp allows the user to provide shell commands to be executed at various stages in its download process through the --exec flag. This flag allows output template expansion in its argument, so that video metadata values may be used in the shell commands. The metadata fields can be combined...

8.3CVSS7.5AI score0.01292EPSS
Exploits1References9Affected Software1
OSV
OSV
added 3 days ago3 views

PYSEC-2026-2064 yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`

Impact yt-dlp allows the user to provide shell commands to be executed at various stages in its download process through the --exec flag. This flag allows output template expansion in its argument, so that video metadata values may be used in the shell commands. The metadata fields can be combine...

8.3CVSS7.5AI score0.01292EPSS
Exploits1References9
Malwarebytes
Malwarebytes
added 3 days ago4 views

Scammers are using AI to sell impossible flowers

We've had problems with deepfake celebrity scams, non-consensual deepfake sexual material, and deepfake politicians. Now we have to deal with… deepfake plants? Yup, AI seed slop is now a thing. 404 Media documented scammers marketing seeds for plants that supposedly bloom in the shape of birds,...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 3 days ago5 views

SUSE CVE-2026-13788

Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.4AI score0.00379EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 3 days ago7 views

SUSE CVE-2026-13816

Insufficient validation of untrusted input in File Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS6AI score0.00299EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 3 days ago6 views

SUSE CVE-2026-13822

Inappropriate implementation in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: High...

6.5CVSS6AI score0.00166EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 3 days ago7 views

SUSE CVE-2026-13826

Inappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS6AI score0.00233EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 3 days ago5 views

SUSE CVE-2026-13851

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: High...

9.1CVSS6AI score0.00289EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 3 days ago5 views

SUSE CVE-2026-13852

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: High...

9.1CVSS6AI score0.00289EPSS
Exploits0References2
Rows per page
Query Builder