CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/29 2:16 p.m.•10 views

CVE-2026-44698

8.3CVSS0.0002EPSS

Vulnrichment•added 2026/05/29 1:32 p.m.•8 views

CVE-2026-44698 Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection

ATTACKERKB•added 2026/05/29 1:32 p.m.•5 views

CVE-2026-44698

Exploits0References2Affected Software3

CVE•added 2026/05/29 1:32 p.m.•27 views

CVE-2026-44698

CVE-2026-44698 affects the Home Assistant Companion apps for Android and iOS, where a JavaScript bridge exposed to in-app WebView could be reached by all frames. The root cause is the bridge exposure along with unsanitized interpolation of the JavaScript callback identifier, allowing a cross-orig...

EUVD•added 2026/05/29 1:32 p.m.•7 views

EUVD-2026-33317

CNNVD•added 2026/05/29 12:0 a.m.•5 views

Home Assistant 安全漏洞

Home Assistant is an open-source family automation management system developed by Home Assistant. This system is primarily used to control household automation devices. Versions of Home Assistant prior to 2026.4.1 for iOS and 2026.4.4 for Android have security vulnerabilities. These vulnerabiliti...

Positive Technologies•added 2026/05/29 12:0 a.m.•5 views

PT-2026-44845

Name of the Vulnerable Software and Affected Versions Home Assistant Companion app for iOS versions prior to 2026.4.1 Home Assistant Companion app for Android versions prior to 2026.4.4 Description The Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app...

8.3CVSS6AI score0.0002EPSS

Packet Storm•added 2026/03/12 12:0 a.m.•157 views

📄 Alipay Open Redirect / API Attacker Payload Insertion

A single crafted URL enables a complete attack chain against Alipay mobile application users that can allow for data exfiltration. As the vendor has stated this is normal behavior with no apparent plans to address the problem, this is being published to make users aware. Alipay Mobile App -...

5.8AI score

Exploits0

Github Security Blog•added 2026/02/09 9:30 a.m.•4 views

MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability

Impact Critical Sandbox Escape & Server Takeover: A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime Pyodide and the host JavaScript environment. The runPython and runPythonAsync functions execute Python code using Pyodide without...

5.8CVSS6.1AI score0.00013EPSS

Exploits0References3Affected Software1

OSV•added 2026/02/09 9:30 a.m.•2 views

GHSA-PFV4-WMPH-5GC6 MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability

5.8CVSS6.3AI score0.00013EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-53937

Malicious code in bioql PyPI...

5.3CVSS4.9AI score0.00558EPSS

RedhatCVE•added 2025/03/01 5:20 p.m.•3 views

CVE-2024-9285

A vulnerability was found in Tu Yafeng Via Browser up to 5.9.0 on Android. It has been rated as problematic. This issue affects some unknown processing of the component Javascript Bridge. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.3CVSS6.4AI score0.00558EPSS

NVD•added 2025/02/27 5:15 p.m.•6 views

CVE-2024-9285

5.3CVSS0.00558EPSS

Cvelist•added 2025/02/27 4:35 p.m.•9 views

CVE-2024-9285 Tu Yafeng Via Browser Javascript Bridge cross site scripting

5.3CVSS0.00558EPSS

Vulnrichment•added 2025/02/27 4:35 p.m.•6 views

CVE-2024-9285 Tu Yafeng Via Browser Javascript Bridge cross site scripting

5.3CVSS4.4AI score0.00558EPSS