65 matches found
May 2026 Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (Multiple CVEs)
Summary Ivanti has released updates for Ivanti Endpoint Manager Mobile EPMM which addresses five high severity vulnerabilities. We are aware of a very limited number of customers exploited with CVE-2026-6973. Successful exploitation requires Admin authentication. If customers followed Ivanti’s...
CVE-2026-7361
Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
SUSE CVE-2026-34385
Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection in the Apple MDM profile delivery pipeline. An attacker can access or modify sensitive database contents, such as user credentials, API tokens, and device enrollment secrets, by sending a malicious UDID during the MDM...
GO-2026-4914 Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database in github.com/fleetdm/fleet
Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database in github.com/fleetdm/fleet...
PT-2026-29954
Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database in github.com/fleetdm/fleet...
EUVD-2026-16754
Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database...
GHSA-V895-833R-8C45 Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database
Summary A critical second-order SQL Injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user credentials, API tokens, and device enrollment...
PT-2026-28626
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description Fleet is open source device management software susceptible to a second-order SQL injection in its Apple MDM profile delivery pipeline. An attacker possessing a valid MDM enrollment certificate could...
CVE-2026-32318
Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Befo...
CVE-2025-66555 AirKeyboard iOS App 1.0.5 - Remote Input Injection
AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control...
EUVD-2010-4517
Malware in sbrugna...
EUVD-2009-2185
Malware in sbrugna...
EUVD-2019-18289
Malware in sbrugna...
EUVD-2023-31890
Malicious code in bioql PyPI...
EUVD-2021-7255
Malicious code in bioql PyPI...
"SwitchBot" App vulnerable to insertion of sensitive information into log file
Overview "SwitchBot" App provided by SwitchBot contains the following vulnerability. Insertion of sensitive information into log file CWE-532 - CVE-2025-53649 Soh Satoh reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...
CVE-2025-36057
IBM Cognos Analytics Mobile iOS 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application...
CVE-2010-4551
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service NULL pointer dereference and daemon crash by omitting the Internet ID field in the person document, and then using an Apple device to 1 accept or 2 decline an invitation...
PT-2025-7272 · Apple · Device
Name of the Vulnerable Software and Affected Versions: Apple devices affected versions not specified Description: A security issue in the SecureROM of certain Apple devices allows an unauthenticated local attacker to execute arbitrary code on the device upon booting. This requires physical access...