39 matches found
CVE-2026-44698
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, the Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app WebView window.externalApp on Android and...
CVE-2026-7978
Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. Chromium security severity: Medium...
CVE-2026-31993
OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...
EUVD-2026-13025
OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mismatch vulnerability in the macOS companion app that allows authenticated operators to bypass exec approval checks. Attackers with operator.write privileges and a paired macOS beta node can craft shell-chain payloads that pass...
NordicTrackExploit
QZCompanionNordictrackTreadmill: Companion App of QZ for Nordic...
CVE-2025-48594
In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed...
CVE-2025-48594
Technical details for CVE-2025-48594 are not publicly available in the provided documents. No specifics on affected products, versions, root cause, or fixes are disclosed here. Monitor for updates from connected sources.
EUVD-2020-25284
Malware in sbrugna...
EUVD-2020-25285
Malware in sbrugna...
CVE-2023-22524
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code...
CVE-2022-20266
In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed fo...
Atlassian Releases Security Advisories for Multiple Products
Atlassian has released security updates to address vulnerabilities affecting multiple Atlassian products. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply th...
CVE-2023-22524
CVE-2023-22524 describes a remote code execution in the Atlassian Companion App for macOS. The issue arises from how the app handles certain file types and its WebSocket-based communication, allowing an attacker to bypass the app’s blocklist and macOS Gatekeeper, potentially enabling arbitrary co...
Atlassian Companion app security breach
The Atlassian Companion app is an application from Atlassian Australia that enables users to edit Confluence files in their preferred desktop application. A security vulnerability exists in versions of the Atlassian Companion app prior to 2.0.0 that stems from the presence of a remote code...
PT-2023-7590 · Atlassian · Companion App
Name of the Vulnerable Software and Affected Versions: Atlassian Companion App for MacOS (affected versions not specified)
Description: The issue is related to a remote code execution vulnerability in the Atlassian Companion App for MacOS. An attacker could utilize WebSockets to bypass Atlassian...