CVE-2026-0068

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...

Exploit for Improper Authentication in Google Android

DEDSECBKIF DEDSECBKIF is a keystroke injection tool for Androi...

EUVD-2025-209952

The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root...

CVE-2025-41669 Insufficient Verification of Data Authenticity

The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root...

@mobilenext/mobile-mcp: Arbitrary Android Intent Execution via mobile_open_url

Summary The mobileopenurl tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. Details The vulnerable code pass...

EUVD-2025-204426

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...

CVE-2025-67844

The Mintlify Platform’s GitHub Integration API (pre-2025-11-15) fails to validate that configured repository owner/name belong to the user’s GitHub App Installation ID, enabling disclosure of sensitive repository metadata. Multiple sources corroborate the issue and cite the same root cause in the...

PT-2025-52405

Name of the Vulnerable Software and Affected Versions Mintlify Platform versions prior to 2025-11-15 Description The GitHub Integration API in Mintlify Platform has an issue where it does not properly validate the repository owner and name fields during configuration. This allows remote attackers...

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

OPPO ColorOS 安全漏洞

OPPO ColorOS is a suite of Android-based operating systems for mobile devices from Chinese company OPPO. A security vulnerability exists in OPPO ColorOS, which stems from improper validation of the source of application installation, which may result in malicious applications being installed...

PT-2025-46307

Name of the Vulnerable Software and Affected Versions Axis Communications ACAP applications affected versions not specified Description ACAP applications may be able to gain elevated privileges due to improper input validation, which could lead to privilege escalation. This is only possible if th...

EUVD-2019-6445

Malware in sbrugna...

EUVD-2019-6446

Malware in sbrugna...

EUVD-2019-6441

Malware in sbrugna...

EUVD-2019-6466

Malware in sbrugna...

EUVD-2019-6464

Malware in sbrugna...

EUVD-2019-6443

Malware in sbrugna...

EUVD-2019-6417

Malware in sbrugna...

EUVD-2019-6444

Malware in sbrugna...

EUVD-2018-6874

Malware in sbrugna...