CVE-2026-44698 Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app WebView window.externalApp on Android and...

CVE-2026-44698

CVE-2026-44698 affects the Home Assistant Companion apps for Android and iOS, where a JavaScript bridge exposed to in-app WebView could be reached by all frames. The root cause is the bridge exposure along with unsanitized interpolation of the JavaScript callback identifier, allowing a cross-orig...

EUVD-2026-31250

Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...

CVE-2026-22880 Mobile SSO authentication flow allows credential theft via malicious server

Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...

CVE-2026-22880

Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...

PT-2026-42432

Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...

Mattermost Mobile Apps 跨站请求伪造漏洞

Mattermost Mobile Apps is a messaging mobile application developed by the American company Mattermost. Versions of Mattermost Mobile Apps prior to 2.0.37, 11.0.4 and earlier, 11.1.3 and earlier, 11.3.2 and earlier, as well as 10.11.11.0 and earlier, contain a cross-site request forgeing...

KLA90927 OSI vulnerability in Microsoft Apps

An information disclosure vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to obtain sensitive information, bypass security restrictions. Original advisories CVE-2026-26123 Exploitation CVE list CVE-2026-26123 high Solution Install necessary updates from t...

EUVD-2025-208113

The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicio...

PT-2026-21920

Name of the Vulnerable Software and Affected Versions Gardyn IoT Hub affected versions not specified Description Administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. This exposure may allow ...

Mopri - an Analysis Framework for Unveiling Privacy Violations in Mobile Apps

Everyday services of society increasingly rely on mobile applications, resulting in a conflicting situation between the possibility of participation on the one side and user privacy and digital freedom on the other. In order to protect users' rights to informational self-determination, regulatory...

Don’t Just Replace Kenna- Evolve to Vulnerability Exposure Management

Cisco has announced the end-of-sale for Cisco Vulnerability Management formerly Kenna Security, leaving security teams with a critical decision: remain on a legacy path or transform. Yes, it is true that the Kenna Security platform will be supported until June 30th, 2028 but the platform won’t be...

CVE-2019-20849

An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...

CVE-2019-20852

An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information e.g., server addresses or message content...

CVE-2019-20848

An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies...

CVE-2019-20851

An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device...

CVE-2025-1558

Mattermost Mobile Apps versions =2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF...

PT-2025-54448

Name of the Vulnerable Software and Affected Versions nebelhorn Blappsta Mobile App Plugin & Your native, mobile iPhone App and Android App versions through 0.8.8.8 Description The software contains a flaw related to improper input handling during web page generation, leading to a Reflected...

CVE-2025-59480

Mattermost Mobile Apps versions =2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses...

Mattermost Mobile Apps 安全漏洞

Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps version 2.32.0 and prior versions, which stems from an unverified SSO redirect token source that could lead to obtaining user session credentials...