17 matches found
CVE-2026-33045
Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...
Cross-site Scripting (XSS)
Overview home-assistant-frontend is a The Home Assistant frontend Affected versions of this package are vulnerable to Cross-site Scripting XSS via the History-graph card in the history graph display component. An attacker can execute arbitrary JavaScript in a victim’s browser by supplying a...
EUVD-2026-16775
Home Assistant has stored XSS in history-graphs...
CVE-2026-33045
Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...
CVE-2026-33045 Home Assistant has stored XSS in history-graphs
Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...
CVE-2026-33045 Home Assistant has stored XSS in history-graphs
Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...
PT-2026-28467
Name of the Vulnerable Software and Affected Versions Home Assistant versions 2025.02 through 2026.01 Description The "remaining charge time" sensor for mobile phones imported from Android Auto in Home Assistant is susceptible to cross-site scripting XSS. This issue is similar to CVE-2025-62172...
EUVD-2020-1772
Malware in sbrugna...
CVE-2020-0269
In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645626...
CarlinKit CPC200-CCPA 数据伪造问题漏洞
The CarlinKit CPC200-CCPA is a wireless CarPlay and Android Auto adapter from CarlinKit. The CarlinKit CPC200-CCPA suffers from a Data Forgery Issue vulnerability that stems from a failure to validate cryptographic signatures during USB update packet processing, which could lead to arbitrary code...
Google Android Auto Settings Information Disclosure Vulnerability
Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA. A security vulnerability exists in the Android-11 version, which stems from an insecure hang in Android Auto Settings that can be exploited by an attacker to cause a local information leak...
CVE-2020-0269
In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645626...
Information disclosure
In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645626...
CVE-2020-0269
In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645626...
Android Security Bulletin—December 2018Stay organized with collectionsSave and categorize content based on your preferences.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
Android Auto Dialer Vulnerability
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Consortium. There is a security vulnerability in Android Auto Dialer. The vulnerability arises because the system-level Intent mechanism "android.intent.action.CALL" defined in...
Android Auto - BSD license, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Android Auto published at the 'play' market has multiple vulnerabilities...