SAMSUNG SMR 安全漏洞

SAMSUNG SMR is a system patch package developed by Samsung Electronics of South Korea. It provides patches for Samsung mobile applications. Versions prior to SAMSUNG SMR May-2026 Release 1 contained security vulnerabilities. These vulnerabilities stemmed from improper export of Android applicatio...

CVE-2026-27195 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

CVE-2026-20983

Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege...

SAMSUNG Dialer 安全漏洞

Samsung Dialer is a dialer application developed by South Korea’s Samsung Corporation. Versions of the Samsung Dialer prior to SMR Feb-2026 Release 1 contained security vulnerabilities. These vulnerabilities stemmed from improper export of Android application components, potentially allowing loca...

CVE-2024-34654

Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege...

CVE-2025-14517

A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locally. The exploit has been publicly disclosed...

CVE-2025-58483

Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store...

GHSA-WRWG-2HG8-V723 Astro vulnerable to reflected XSS via the server islands feature

Summary After some research it appears that it is possible to obtain a reflected XSS when the server islands feature is used in the targeted application, regardless of what was intended by the component templates. Details Server islands run in their own isolated context outside of the page reques...

EUVD-2025-30328

Malicious code in bioql PyPI...

EUVD-2025-24042

Malicious code in bioql PyPI...

EUVD-2025-28815

Malicious code in bioql PyPI...

EUVD-2025-26237

Malicious code in bioql PyPI...

CVE-2025-10721

A vulnerability was determined in Webull Investing & Trading App 11.2.5.63 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml. This manipulation causes improper export of android application components. The attack can only be executed locally. The exploit has been...

CVE-2025-10718

A vulnerability was found in Ooma Office Business Phone App up to 7.2.2 on Android. This affects an unknown part of the component com.ooma.office2. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been made...

CVE-2025-10717

A vulnerability has been found in intsig CamScanner App 6.91.1.5.250711 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.intsig.camscanner. The manipulation leads to improper export of android application components. Local acces...

CVE-2025-10715

A security flaw has been discovered in APEUni PTE Exam Practice App up to 10.8.0 on Android. The impacted element is an unknown function of the file AndroidManifest.xml of the component com.apeedication. The manipulation results in improper export of android application components. The attack...

CVE-2025-10722

A vulnerability was detected in SKTLab Mukbee App 1.01.196 on Android. This affects an unknown function of the file AndroidManifest.xml of the component com.dw.android.mukbee. The manipulation results in improper export of android application components. The attack must be initiated from a local...

CVE-2025-10721

A vulnerability was determined in Webull Investing & Trading App 11.2.5.63 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml. This manipulation causes improper export of android application components. The attack can only be executed locally. The exploit has been...

CVE-2025-10722

CVE-2025-10722 affects SKTLab Mukbee App 1.01.196 on Android, specifically the AndroidManifest.xml component com.dw.android.mukbee, causing improper export of app components. The vulnerability requires local access, and public exploit code is available. Vendor has not responded to disclosure. CVS...

CVE-2025-10722 SKTLab Mukbee App com.dw.android.mukbee AndroidManifest.xml improper export of android application components

A vulnerability was detected in SKTLab Mukbee App 1.01.196 on Android. This affects an unknown function of the file AndroidManifest.xml of the component com.dw.android.mukbee. The manipulation results in improper export of android application components. The attack must be initiated from a local...