CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

188 matches found

RedhatCVE•added 2026/01/28 3:16 a.m.•4 views

CVE-2026-24490

MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-site Scripting XSS vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The...

8.1CVSS6.1AI score0.00025EPSS

Exploits1References1

NVD•added 2026/01/27 1:16 a.m.•3 views

CVE-2026-24490

8.1CVSS0.00025EPSS

Exploits1References3

ATTACKERKB•added 2026/01/27 12:40 a.m.•2 views

CVE-2026-24490

8.1CVSS6.1AI score0.00025EPSS

Exploits1References4Affected Software1

CNNVD•added 2026/01/27 12:0 a.m.•1 views

Awesome-Mobile-Security Cross-Site Script Vulnerabilities

Awesome-Mobile-Security is an application software. It strives to provide a collection of useful security-related apps for Android and iOS. Versions of Awesome-Mobile-Security prior to 4.4.5 had a cross-site scripting vulnerability. This vulnerability stemmed from the storage-based cross-site...

8.1CVSS5.8AI score0.00025EPSS

Exploits1References3

Snyk•added 2026/01/26 11:36 p.m.•1 views

Cross-site Scripting (XSS)

Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Cross-site...

8.1CVSS6AI score0.00025EPSS

Exploits1References2

Positive Technologies•added 2026/01/26 12:0 a.m.•4 views

PT-2026-4843

Name of the Vulnerable Software and Affected Versions MobSF versions prior to 4.4.5 Description MobSF, a mobile application security testing tool, contains a Stored Cross-site Scripting XSS vulnerability in its Android manifest analysis feature. This flaw allows an attacker to execute arbitrary...

8.1CVSS5.9AI score0.00025EPSS

Exploits1References14

CVE•added 2025/12/11 2:2 p.m.•12 views

CVE-2025-14517

CVE-2025-14517 affects Yalantis uCrop 2.2.11 and concerns the UCropActivity component defined in AndroidManifest.xml. The vulnerability arises from an improper export of Android application components, which could allow manipulation to lead to exposure of components outside the intended scope. Ex...

5.3CVSS5.3AI score0.00038EPSS

Exploits1References5Affected Software1

Cvelist•added 2025/12/11 2:2 p.m.•29 views

CVE-2025-14517 Yalantis uCrop AndroidManifest.xml UCropActivity improper export of android application components

A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locally. The exploit has been publicly disclosed...

5.3CVSS0.00038EPSS

Exploits1References5

CNNVD•added 2025/12/11 12:0 a.m.•1 views

uCrop 安全漏洞

uCrop is an Android image cropping library open source by Yalantis. A security vulnerability exists in uCrop version 2.2.11, which originates from improper export of the function UCropActivity in the file AndroidManifest.xml, which could lead to improper export of Android application components...

5.3CVSS5.4AI score0.00038EPSS

Exploits1References5