CVE-2026-47430

Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

CVE-2026-47430

Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

PT-2026-47194

Name of the Vulnerable Software and Affected Versions Cordova Plugin InAppBrowser versions 3.1.0 through 6.0.0 Description The iOS implementation of the InAppBrowser plugin fails to validate the id field from a WKScriptMessage body before passing it to the commandDelegate...

CVE-2018-1000123

Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files CWE-532 vulnerability in CDVKeychain.m that can result in login, password and other sensitive data leakage. This attack appear to be exploitable...

CVE-2025-65835

The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses...

@luxos/share-panel (>=1.0.0 <=1.0.3), @types/cordova-plugin-x-socialsharing (>=5.4.5 <=5.4.8) +4 more potentially affected by CVE-2025-65835 via cordova-plugin-x-socialsharing (>=5.6.8 <=6.0.4)

cordova-plugin-x-socialsharing NPM version =5.6.8, =1.0.0, =5.4.5, =0.0.1, =1.0.0 - radoo-odc-app =0.0.1 Source cves: CVE-2025-65835 Source advisory: SNYK:JS-CORDOVAPLUGINXSOCIALSHARING-14426472...

CVE-2025-65835

The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses...

CVE-2025-65835

The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses...

PhoneGap / Cordova Social Sharing plugin 安全漏洞

PhoneGap / Cordova Social Sharing plugin is a text file sharing plugin by Eddy Verbruggen Personal Developer. A security vulnerability exists in the PhoneGap / Cordova Social Sharing plugin version 6.0.4, which stems from the exported broadcast receiver not checking if Intent.EXTRACHOSENCOMPONENT...

CVE-2025-65835

The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses...

CVE-2025-65835

The CVE-2025-65835 family concerns the Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-PhoneGap-Plugin) for Android, version 6.0.4. An exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent accepts android.intent.action.SEND intents and dereferences Intent.EXTRA_C...

EUVD-2025-37268

Malicious code in cordova-plugin-globalization.moment npm...

MAL-2025-49253 Malicious code in cordova-plugin-globalization.moment (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 431a9d9edd37d8a5dc80555f3c56e275f5c79162ed66ae419cc7b2450c6ad75c The package cordova-plugin-globalization.moment was found to contain malicious code. Source: ghsa-malware...

EUVD-2019-0366

Malware in sbrugna...

EUVD-2018-1847

Malware in sbrugna...

EUVD-2022-3206

Malicious code in bioql PyPI...

EUVD-2023-2912

Malicious code in bioql PyPI...

Malicious code in cordova-plugin-voxeet2 (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96ae7ef5d43ef45901a8613d236559761bb72ca1729594ffc8b3df8200250094 Any computer that has this package installed or running should be considered fully compromised. All...

MAL-2025-47301 Malicious code in cordova-plugin-voxeet2 (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96ae7ef5d43ef45901a8613d236559761bb72ca1729594ffc8b3df8200250094 Any computer that has this package installed or running should be considered fully compromised. All...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...