Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003289)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003289 advisory. A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003420)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003420 advisory. A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002729)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002729 advisory. An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003525)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003525 advisory. An issue was discovered in the nsgetpath function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002364)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002364 advisory. The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 2013 devices, does not properly consider user-space access to th...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002469)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002469 advisory. arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001933)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001933 advisory. In blkmqtagtorq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002740)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002740 advisory. In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001830)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001830 advisory. The pagemapopen function in fs/proc/taskmmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive...

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control C2 nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times,...

CVE-2026-22694

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

CVE-2026-22694

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

CVE-2026-22694 AliasVault is Missing Origin Validation in Android Passkey Credential Provider

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

CVE-2026-22694 AliasVault is Missing Origin Validation in Android Passkey Credential Provider

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

CVE-2026-22694

Summary (CVE-2026-22694) : AliasVault for Android (versions 0.24.0–0.25.2) contained an incomplete validation flaw in the Android credential provider for passkey requests. Under certain local conditions, a malicious app could obtain a passkey response for a site it was not authorized to access be...

CVE-2026-22694 AliasVault is Missing Origin Validation in Android Passkey Credential Provider

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

EUVD-2026-2679

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

CVE-2025-14317

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. Server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...

CVE-2025-14317

CVE-2025-14317 – Crazy Bubble Tea mobile app : An authenticated attacker can obtain personal information of other users by enumerating a loyaltyGuestId parameter. The server does not verify required permissions to access data. This has been fixed in Android version 915 and iOS version 7.4.1. Affe...

CVE-2025-14317 User Enumeration in Crazy Bubble Tea mobile application

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. Server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...