Lucene search
+L

18 matches found

NVD
NVD
added 2026/07/02 9:16 p.m.6 views

CVE-2026-58460

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS0.00138EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/02 8:10 p.m.5 views

CVE-2026-58460 react-native-receive-sharing-intent Path Traversal via _display_name

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS6.1AI score0.00138EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 5:40 p.m.4 views

CVE-2026-54318 Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play Services...

7.1CVSS5.9AI score0.00113EPSS
Exploits1References4
CVE
CVE
added 2026/06/23 5:40 p.m.45 views

CVE-2026-54318

Affected software: Home Assistant Android components. Vulnerability: LocationSensorManager BroadcastReceiver was exported with no permission prior to 2026.5.3, allowing any local app (zero runtime permissions) to broadcast a forged Google Play Services LocationResult to spoof the device’s locatio...

7.1CVSS5.9AI score0.00113EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51577

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2026.5.3 Description The LocationSensorManager BroadcastReceiver is exported without requiring permissions. This allows any installed application on the device, regardless of its runtime permissions, to send a...

7.1CVSS5.8AI score0.00113EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.5 views

CVE-2025-65835

The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses...

6.2CVSS6.7AI score0.00243EPSS
Exploits1References1
NVD
NVD
added 2025/12/15 7:16 p.m.11 views

CVE-2025-65835

The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses...

6.2CVSS0.00243EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.5 views

PhoneGap / Cordova Social Sharing plugin 安全漏洞

PhoneGap / Cordova Social Sharing plugin is a text file sharing plugin by Eddy Verbruggen Personal Developer. A security vulnerability exists in the PhoneGap / Cordova Social Sharing plugin version 6.0.4, which stems from the exported broadcast receiver not checking if Intent.EXTRACHOSENCOMPONENT...

6.2CVSS6.3AI score0.00243EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.2 views

CVE-2025-65835

The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses...

6.3AI score0.00243EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.23 views

CVE-2025-65835

The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses...

0.00243EPSS
Exploits1References3
CVE
CVE
added 2025/12/15 12:0 a.m.22 views

CVE-2025-65835

The CVE-2025-65835 family concerns the Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-PhoneGap-Plugin) for Android, version 6.0.4. An exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent accepts android.intent.action.SEND intents and dereferences Intent.EXTRA_C...

6.2CVSS6.3AI score0.00243EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.6 views

PT-2025-51277

Name of the Vulnerable Software and Affected Versions cordova-plugin-x-socialsharing version 6.0.4 Description The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with a...

6.2CVSS6.6AI score0.00243EPSS
Exploits1References7
OSV
OSV
added 2025/12/15 12:0 a.m.6 views

CVE-2025-65835

The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses...

6.2CVSS6.7AI score0.00243EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2018-6888

Malware in sbrugna...

5.5CVSS5.6AI score0.00533EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/04/22 12:0 a.m.8 views

PT-2024-12697 · Google +1 · Android +1

Name of the Vulnerable Software and Affected Versions: TCL 20XE Android device versions with software build fingerprints TCL/5087Z BO/Doha TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z BO/Doha TMO:11/RP1A.200720.011/PB83-0:user/release-keys Description: The issue concerns a...

8.7CVSS6.7AI score0.0036EPSS
Exploits0References4
OSV
OSV
added 2018/12/28 9:29 p.m.6 views

CVE-2018-14985

The Leagoo Z5C Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.android.settings versionCode=23, versionName=6.0-android.20170630.092853 that contains an exported...

7.1CVSS5.8AI score0.00347EPSS
Exploits1References2
OSV
OSV
added 2018/12/28 9:29 p.m.4 views

CVE-2018-15005

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zdm.sdm versionCode=31, versionName=V5.0.3 that contains an exported broadcast receiver app componen...

7.1CVSS5.8AI score0.00473EPSS
Exploits1References3
Prion
Prion
added 2017/01/13 9:59 a.m.42 views

Design/Logic Flaw

An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute t...

7.2CVSS7.7AI score0.00381EPSS
Exploits0References3
Rows per page
Query Builder