Notesnook 代码注入漏洞

Notesnook is an end-to-end encrypted note application developed by Streetwriters. There were code injection vulnerabilities in versions of Notesnook Web/Desktop prior to 3.3.11, as well as in versions for Android/iOS prior to 3.3.17. These vulnerabilities stemmed from a stored-xss vulnerability...

CVE-2025-47147

Cleartext Storage of Sensitive Information CWE-312 in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile...

CVE-2026-2974

A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...

CVE-2025-56400

Cross-Site Request Forgery CSRF vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa accoun...

EUVD-2019-4401

Malware in sbrugna...

EUVD-2019-3589

Malware in sbrugna...

EUVD-2020-25339

Malware in sbrugna...

EUVD-2020-12733

Malware in sbrugna...

EUVD-2021-23357

Malware in sbrugna...

EUVD-2021-19772

Malware in sbrugna...

EUVD-2015-0906

Malware in sbrugna...

EUVD-2015-5586

Malware in sbrugna...

EUVD-2015-5588

Malware in sbrugna...

EUVD-2021-10959

Malware in sbrugna...

CVE-2025-45083

Incorrect access control in Ullu Android version v2.9.929 and IOS version v2.8.0 allows attackers to bypass parental pin feature via unspecified vectors...

CVE-2024-32988

'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is reverse-engineered...

CVE-2021-36769

A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client...

CVE-2024-12402

CVE-2024-12402 impacts the Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress. The root cause is insecure direct object reference: the plugin does not properly validate a user’s identity before password updates in update_user_profile(), enabling unauthenticate...

CVE-2023-4617

CVE-2023-4617 describes an incorrect authorization vulnerability in the Govee Home application (Android and iOS) that is exploitable via the HTTP POST method. A remote attacker can manipulate the request fields—device , sku , and type —to gain control of devices owned by other users. Affected ver...

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures...