655 matches found
EUVD-2023-23513
Malicious code in bioql PyPI...
A week in security (September 1 – September 7)
Last week on Malwarebytes Labs: Nexar dashcam video database hacked Roblox introduces age checks to use communication features Give your PC a fresh start: New free tools to boost your PC’s speed, security, and peace of mind TP-Link warns of botnet infecting routers and targeting Microsoft 365...
Agentic Discovery and Validation of Android App Vulnerabilities
Existing Android vulnerability detection tools overwhelm teams with thousands of low-signal warnings yet uncover few true positives. Analysts spend days triaging these results, creating a bottleneck in the security pipeline. Meanwhile, genuinely exploitable vulnerabilities often slip through,...
PT-2025-34562 · Undefined · Undefined
🔥 Android under fire: Two high-severity bugs — CVE-2025-38805 and CVE-2025-38806 — have entered exploit kits. Attackers adapt quickly; don’t be the easy target. Details: https://t.co/tej1yYGlw1 Created by AI. Android ZeroDay...
CVE-2025-21016
Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs...
CVE-2025-21016
Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs...
Critical Android vulnerabilities patched—update as soon as you can
Google has patched six vulnerabilities in Android, including two critical vulnerabilities in its August 2025 Android Security Bulletin. It also covers a critical vulnerability which could have allowed an attacker to execute code on a victim's device without the victim needing to do anything at al...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android
This repository contains a PoC Proof of Concept code for the BlueBorne vulnerabilities. The BlueBorne vulnerabilities are a set of vulnerabilities in Bluetooth devices that allow an attacker to remotely execute code on a device. The PoC code is written in Python and uses the PyBluez library to...
CVE-2025-43977
The com.skt.prod.dialer application through 12.5.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.skt.prod.dialer.activities.outgoingcall.OutgoingCallInternalBroadcaster component...
CVE-2025-21009
Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in the Android operating system. Samsung has fixed vulnerabilities relevant to Samsung Mobile in Samsung Mobile. The vulnerabilities are in how the GPU Kernel Drivers handle system calls from non-privileged users. This can lead to unauthorized access to memory,...
CVE-2025-26443
creationtimestamp| type| source ---|---|--- 2025-06-03 10:09:50+00:00| seen| https://threatintel.cc/2025/06/03/over-vulnerabilities-patched-in-android.html 2025-09-06 21:02:27+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3ly734punx72l...
CVE-2024-13915
Android based smartphones from vendors such as Ulefone and Krüger contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. The application "com.pri.factorytest" version name: 1.0, version code: 1 exposes a ”com.pri.factorytest.emmc.FactoryResetService“ servic...
CVE-2024-13915 Unrestricted Access to Exported Service in com.pri.factorytest
Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. The application "com.pri.factorytest" version name: 1.0, version code: 1 exposes a ”com.pri.factorytest.emmc.FactoryResetService“...
CVE-2024-49404
Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users...
CVE-2023-36612
Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses containing...
CVE-2023-42579
Improper usage of insecure protocol i.e. HTTP in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middl...
CVE-2023-20979
In GetNextSourceDataPacket of btaavco.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Andro...
CVE-2022-20131
In nciprocrfmanagementntf of ncihrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2022-20270
In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID...