10952 matches found
PT-2025-33131 · Webview · Webview
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-27388 Description: Loading arbitrary external URLs through WebView components introduces malicious JavaScript JS code that can steal arbitrary user tokens. Recommendations: At the moment, there is no information about a...
Linux Distros Unpatched Vulnerability : CVE-2025-32072
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects...
Malicious code in @hotandcold/classic-webview (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6687 Malicious code in @hotandcold/classic-webview (npm)
The package communicates with a domain associated with malicious activity...
Android-Reports-and-Resources
It is an offensive tool for Android. This repository contains a list of Android Hackerone disclosed reports and other resources, including hardcoded credentials, WebView vulnerabilities, insecure deeplinks, and RCE/ACE exploits. The primary report is CVE-2021-XXXX-XXXX, but only a few reports are...
Malicious code in vscode-webview-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c554272558835d430a639e8f5586c55232eac880a493f0e8228bd4ac5e8d87d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
[SECURITY] Fedora 42 Update: qt6-qtwebview-6.9.1-1.fc42
Qt WebView provides a way to display web content in a QML application without necessarily including a full web browser stack by using native APIs where it makes sense...
CVE-2023-26316
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies...
CVE-2023-29459
The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary...
CVE-2023-26309
A remote code execution vulnerability in the webview component of OnePlus Store app...
CVE-2023-51219
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access tok...
CVE-2023-42470
The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content...
CVE-2023-26311
A remote code execution vulnerability in the webview component of OPPO Store app...
CVE-2022-28799
The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL unvalidated deeplink can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click...
CVE-2022-25824
Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...
CVE-2022-24923
Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...
CVE-2021-25463
Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview...
CVE-2021-25439
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O8.1 and below, and 3.9.10.11 in Android P9.0 and above allows untrusted applications to cause arbitrary webpage loading in webview...
CVE-2021-25448
Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview...
CVE-2021-36214
LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView...