CVE-2025-32898
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...
CVE-2025-32899
KDE Connect (Android)
PT-2025-49197
In KDE Connect before 1.33.0 on Android, malicious device IDs sent via broadcast UDP could cause an application crash...
PT-2025-49319
Name of the Vulnerable Software and Affected Versions: Rarlab RAR App versions up to 7.11 Build 127. Description: A security issue exists in the component com.rarlab.rar of Rarlab RAR App on Android. This allows for path traversal, potentially enabling remote attacks. Exploitation is considered high...
CVE-2025-32898
The CVE-2025-32898 entry documents a brute-force vulnerability in the KDE Connect verification-code protocol: an 8-character verification code enables offline/online guessing. Affected are KDE Connect versions before 1.33.0 on Android, before 25.04 on desktop, before 0.5 on iOS, Valent before 1.0...
CVE-2025-66270
The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49...
CVE-2025-32900
In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5...
EUVD-2025-201337
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...
PT-2025-49196
In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP...
EUVD-2025-201273
An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device...
CVE-2025-63896
An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device...
Newly Sold Albiriox Android Malware Targets Banks and Crypto Holders
Cleafy analysis reveals Albiriox, a new Android Malware-as-a-Service (MaaS) RAT that targets over 400 global banking and crypto apps. Learn how ODF fraud enables full device takeover...
CVE-2025-13876
A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been...
GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing...
JXL 9 Inch Car Android Double Din Player Security Vulnerability
JXL 9 Inch Car Android Double Din Player is an in-car infotainment system from JXL. A security vulnerability exists in JXL 9 Inch Car Android Double Din Player version v12.0, which stems from a Bluetooth HID device that is susceptible to arbitrary keystroke injection attacks...
PT-2025-49137
Name of the Vulnerable Software and Affected Versions: JXL 9 Inch Car Android Double Din Player Android version 12.0. Description: An issue exists in the Bluetooth Human Interface Device (HID) of the affected product that allows attackers to inject arbitrary keystrokes by using a spoofed Bluetooth HID...
CVE-2025-63896
Technical details (affected components, versions, exploit specifics) for CVE-2025-63896 are not publicly available in the supplied documents. Monitor for updates from vendors and security feeds.
Ubuntu 25.10 : Linux kernel vulnerabilities (USN-7906-1)
The remote Ubuntu 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7906-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the...