467 matches found
CVE-2026-21014
Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability...
CVE-2026-21014
Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability...
EUVD-2026-21872
Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability...
CVE-2026-21014
Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability...
CVE-2026-21014
Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability...
CVE-2026-21014
The CVE affects Samsung Camera prior to version 16.5.00.28, where improper access control allows a local attacker to access the device geolocation data. Exploitation requires user interaction, and the impact is confined to confidentiality of location data. Remediation is to update Samsung Camera ...
PT-2026-32272
Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability...
SAMSUNG Camera 安全漏洞
Samsung Camera is a camera application developed by South Korea’s Samsung Corporation. Versions of Samsung Camera prior to 16.5.00.28 contained a security vulnerability caused by improper access control, which could allow local attackers to access location data...
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc. The tool was developed by Israeli company Cobwebs Technologies...
CVE-2026-29055 Tandoor Recipes: WebP and GIF Image Uploads Bypass EXIF/Metadata Stripping, Leaking GPS Coordinates and PII
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image processing pipeline in Tandoor Recipes explicitly skips EXIF metadata stripping, image rescaling, and size validation for WebP and GIF image formats. A...
📄 Alipay Open Redirect / API Attacker Payload Insertion
A single crafted URL enables a complete attack chain against Alipay mobile application users that can allow for data exfiltration. As the vendor has stated this is normal behavior with no apparent plans to address the problem, this is being published to make users aware. Alipay Mobile App -...
CVE-2026-20646
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information...
CVE-2026-20646
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information...
CVE-2026-20646
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information...
CVE-2026-20646
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information...
CVE-2026-20646
Summary (CVE-2026-20646) : A logging issue in macOS Tahoe 26.3 allowed reading of sensitive location information due to insufficient data redaction. Multiple sources (Apple advisory references and national/cross-vendor advisories) corroborate that the issue is fixed in macOS Tahoe 26.3. The vulne...
CVE-2026-20646
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information...
The Constitutionality of Geofence Warrants
The US Supreme Court is considering the constitutionality of geofence warrants. The case centers on the trial of Okello Chatrie, a Virginia man who pleaded guilty to a 2019 robbery outside of Richmond and was sentenced to almost 12 years in prison for stealing $195,000 at gunpoint. Police probing...
[SECURITY] Fedora 42 Update: gpsd-3.25-17.fc42
gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the location/course/velocity of the sensor available to be queried on TCP port 2947 of the host computer. With gpsd, multiple GPS client applications such as...
CVE-2025-36911
In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote proximal/adjacent information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation...