atool

ATOOL - Android Static Analysis & Exploit Scanner v1.0 !Pyth...

EUVD-2024-52693

Malicious code in bioql PyPI...

EUVD-2022-39596

Malicious code in bioql PyPI...

EUVD-2025-13371

Malicious code in bioql PyPI...

CVE-2022-36938

DexLoader function getstringidxfromdex in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file...

Cross-site Scripting (XSS)

mobsf is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization during SVG file handling in the Android APK analysis workflow, which allows malicious scripts to be embedded in the SVG files...

CVE-2025-46335

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...

CVE-2025-46335

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...

CVE-2025-46335

The CVE-2025-46335 entry concerns Mobile Security Framework (MobSF) and describes a Stored Cross-Site Scripting (XSS) vulnerability in MobSF versions up to 4.3.2, arising from improper sanitization of user-supplied SVG files during the Android APK analysis workflow. Affected component: MobSF Andr...

CVE-2025-46335 Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...

CVE-2025-46335 Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...

Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

Vulnerable MobSF Versions: .svg This file becomes publicly accessible via the web interface at: http://127.0.0.1:8081/download/filename.svg If the SVG contains embedded JavaScript e.g., an XSS payload, accessing this URL via a browser leads to the execution of the script in the context of the Mob...

GHSA-MWFG-948F-2CC5 Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

Vulnerable MobSF Versions: .svg This file becomes publicly accessible via the web interface at: http://127.0.0.1:8081/download/filename.svg If the SVG contains embedded JavaScript e.g., an XSS payload, accessing this URL via a browser leads to the execution of the script in the context of the Mob...

Cross-site Scripting (XSS)

Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Cross-site...

PT-2025-19768 · Mobsf +1 · Mobsf +1

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions up to and including 4.3.2 Description: A Stored Cross-Site Scripting XSS issue has been identified in MobSF. The issue arises from improper sanitization of user-supplied SVG files during the Android AP...

CVE-2024-54916

An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the checkPasscode method...

CVE-2024-54916

An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the checkPasscode method...

CVE-2024-54916

An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the checkPasscode method...

CVE-2024-50657

An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method...

CVE-2024-50657

Owncloud Android APK 4.3.1 is affected by a privilege-escalation issue in the PassCodeViewModel.checkPassCodeIsValid method. The vulnerability is triggered by a physically proximate attacker and results in elevated privileges within the app. Public details consistently reference the affected vers...