CVE-2026-26214 Xiaomi Galaxy FDS Android SDK <= 3.0.8 TLS Hostname Verification Disabled Enables MITM

Galaxy FDS Android SDK XiaoMi/galaxy-fds-sdk-android version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled the default configuration. In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOWALLHOSTNAMEVERIFIER, which accep...

PT-2026-7854

Galaxy FDS Android SDK XiaoMi/galaxy-fds-sdk-android version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled the default configuration. In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOW ALL HOSTNAME VERIFIER, which...

Tuya多款产品 安全漏洞

Tuya Android SDK and others are products of Tuya China.Tuya Android SDK is a software development kit.Tuya iOS SDK is a software development kit.Tuya Smart App is a smart app. A security vulnerability exists in several Tuya products, which stems from an unvalidated state parameter in the OAuth...

Adobe Pass Authentication Android SDK Incorrect Authorization Vulnerability

Adobe Pass Authentication Android SDK is a Java library for Android applications from the American company Audobee Adobe. The Adobe Pass Authentication Android SDK suffers from an incorrect authorization vulnerability that can be exploited by attackers to bypass security measures and gain...

Adobe Pass Authentication Android SDK 安全漏洞

Adobe Pass Authentication Android SDK is a Java library for Android applications from the American company Audobee Adobe. The Adobe Pass Authentication Android SDK suffers from an incorrect authorization vulnerability that can be exploited by attackers to bypass security measures and gain...

EUVD-2020-16097

Malware in sbrugna...

EUVD-2011-1018

Malware in sbrugna...

EUVD-2021-0810

Malware in sbrugna...

EUVD-2022-6804

Malicious code in bioql PyPI...

EUVD-2022-6668

Malicious code in bioql PyPI...

PT-2025-27499 · Maven · Io.Sentry:Sentry-Android +1

Impact Under specific circumstances, text composables may contain unmasked sensitive data in Android session replays. You may be impacted if you meet the following conditions: - Using any sentry-android with versions = 1.8.0-alpha08 - This includes any alpha, beta, release candidate, or general...

CVE-2022-42443

An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535...

CVE-2020-23349

An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 com.sina.weibo.sdk.share.WbShareTransActivity, any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity...

Malicious code in glance-android-core-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f082498ee8cee22569a9d952f86e51b833f15f9ddf0ae457b87367e28bcf198 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-42443 Trusteer for mobile file upload

An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535...

Authentication Bypass

Matrix Android SDK 2 is vulnerable to authentication bypass. The vulnerability exists in onRoomKeyEvent function of DefaultCryptoService.kt due to lack of entity authentication for key forwarding strategy which allows an attacker to cooperate with a malicious home server...

Cross-site Scripting (XSS)

Matrix Android SDK 2 is vulnerable to cross-site scripting.The vulnerability exists in multiple functions in MXMegolmDecryption.kt due to a protocol confusion in order to send fake to-device messages which allows an attacker to inject the key backup secret during a self-verification...

CVE-2022-39246

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...

Design/Logic Flaw

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...

CVE-2022-39246

matrix-android-sdk2 (Android Matrix SDK) before version 1.5.1 is vulnerable: an attacker collaborating with a malicious homeserver can craft messages that appear from another user due to an overly permissive key-forwarding policy. Starting with 1.5.1, the default key-forwarding policy is stricter...