CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

353 matches found

CVE-2026-47430

Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

9.5CVSS

Exploits0References2

EUVD•added yesterday•4 views

EUVD-2026-35041

9.5CVSS5.4AI score

Exploits0References1

Vulnrichment•added yesterday•4 views

CVE-2026-47430 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews

9.5CVSS5.4AI score

Exploits0References1

CVE•added yesterday•24 views

CVE-2026-47430

CVE-2026-47430 affects the iOS implementation of Cordova Plugin InAppBrowser. The issue arises when the WKScriptMessage id field is passed to commandDelegate sendPluginResult:callbackId: without format validation (CDVWKInAppBrowser.m:560–574), allowing a web content loaded in the InAppBrowser to ...

9.5CVSS5.4AI score

Exploits0References2

ATTACKERKB•added yesterday•2 views

CVE-2026-47430

9.5CVSS5.4AI score

Exploits0References2Affected Software1

Cvelist•added yesterday•6 views

CVE-2026-47430 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews

9.5CVSS

Exploits0References1

Positive Technologies•added 2 days ago•9 views

PT-2026-47194

Name of the Vulnerable Software and Affected Versions Cordova Plugin InAppBrowser versions 3.1.0 through 6.0.0 Description The iOS implementation of the InAppBrowser plugin fails to validate the id field from a WKScriptMessage body before passing it to the commandDelegate...

9.5CVSS5.5AI score

Exploits0References4

GithubExploit•added 2026/02/17 6:42 a.m.•139 views

ionic-spid-poc-crs

SPID SSO POC — Ionic React + Node.js + Signicat Sandbox A p...

5.9AI score

Exploits0

RedhatCVE•added 2026/01/09 12:15 p.m.•6 views

CVE-2018-1000123

Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files CWE-532 vulnerability in CDVKeychain.m that can result in login, password and other sensitive data leakage. This attack appear to be exploitable...

9.8CVSS6.7AI score0.00327EPSS

Exploits0References1

RedhatCVE•added 2025/12/17 8:7 a.m.•2 views

CVE-2025-65835

The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses...

6.2CVSS6.7AI score0.00042EPSS

Exploits1References1

EUVD•added 2025/12/15 9:30 p.m.•2 views

EUVD-2025-203405

6.2CVSS6.2AI score0.00042EPSS

Exploits1References4

Snyk•added 2025/12/15 7:40 p.m.•1 views

NULL Pointer Dereference

Overview cordova-plugin-x-socialsharing is a Share text, images and other files, or a link via the native sharing widget of your device. Android is fully supported, as well as iOS 6 and up. WP8 has somewhat limited support. Affected versions of this package are vulnerable to NULL Pointer...

6.9CVSS6.7AI score0.00042EPSS

Exploits1References2

vulnersOsv•added 2025/12/15 7:40 p.m.•3 views

@luxos/share-panel (>=1.0.0 <=1.0.3), @types/cordova-plugin-x-socialsharing (>=5.4.5 <=5.4.8) +4 more potentially affected by CVE-2025-65835 via cordova-plugin-x-socialsharing (>=5.6.8 <=6.0.4)

cordova-plugin-x-socialsharing NPM version =5.6.8, =1.0.0, =5.4.5, =0.0.1, =1.0.0 - radoo-odc-app =0.0.1 Source cves: CVE-2025-65835 Source advisory: SNYK:JS-CORDOVAPLUGINXSOCIALSHARING-14426472...

6.2CVSS5.8AI score0.00042EPSS

Exploits1

NVD•added 2025/12/15 7:16 p.m.•4 views

CVE-2025-65835

6.2CVSS0.00042EPSS

Exploits1References3

OSV•added 2025/12/15 7:16 p.m.•2 views

CVE-2025-65835

6.2CVSS6.7AI score

Exploits0References3

CNNVD•added 2025/12/15 12:0 a.m.•2 views

PhoneGap / Cordova Social Sharing plugin 安全漏洞

PhoneGap / Cordova Social Sharing plugin is a text file sharing plugin by Eddy Verbruggen Personal Developer. A security vulnerability exists in the PhoneGap / Cordova Social Sharing plugin version 6.0.4, which stems from the exported broadcast receiver not checking if Intent.EXTRACHOSENCOMPONENT...

6.2CVSS6.3AI score0.00042EPSS

Exploits1References3

CVE•added 2025/12/15 12:0 a.m.•9 views

CVE-2025-65835

The CVE-2025-65835 family concerns the Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-PhoneGap-Plugin) for Android, version 6.0.4. An exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent accepts android.intent.action.SEND intents and dereferences Intent.EXTRA_C...

6.2CVSS6.3AI score0.00042EPSS

Exploits1References3Affected Software1

Cvelist•added 2025/12/15 12:0 a.m.•14 views

CVE-2025-65835

0.00042EPSS

Exploits1References3

OSV•added 2025/10/30 11:58 p.m.•1 views

MAL-2025-49253 Malicious code in cordova-plugin-globalization.moment (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 431a9d9edd37d8a5dc80555f3c56e275f5c79162ed66ae419cc7b2450c6ad75c The package cordova-plugin-globalization.moment was found to contain malicious code. Source: ghsa-malware...

6.9AI score

Exploits0References1

OSSF Malicious Packages•added 2025/10/30 11:58 p.m.•3 views

Malicious code in cordova-plugin-globalization.moment (npm)

6.9AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by