Lucene search
K

76139 matches found

NVD
NVD
added yesterday4 views

CVE-2026-22093

The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...

9.5CVSS0.00203EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-22093

CVE-2026-22093 affects EVbee Service app (v1.4.101.00). The issue arises because the Android app performs TLS/HTTPS communication but does not validate the server certificate, enabling a man‑in‑the‑middle attacker on the network path to intercept and manipulate traffic. Additionally, the app is d...

9.5CVSS6.1AI score0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday23 views

CVE-2026-22093 Adversary-in-the-Middle (AitM) attack vulnerability in EVbee Service app

The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...

9.5CVSS0.00203EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-15495

A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotel...

6.5CVSS0.01543EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43217

A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The manipulation of the argument path leads to os command injection. The attack can be initiated remotel...

6.5CVSS6.3AI score0.01543EPSS
Exploits0References6
CVE
CVE
added 2 days ago12 views

CVE-2026-15495

The vulnerability CVE-2026-15495 affects SonicCloudOrg sonic-agent up to version 2.7.2, specifically in the Android WebSocket Server component’s AndroidWSServer.java. The issue arises from manipulating the path argument, causing os command injection. It is remotely exploitable and has public disc...

6.5CVSS6.3AI score0.01543EPSS
Exploits0References6
The Hacker News
The Hacker News
added 4 days ago8 views

Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking

Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure. The apps flagged with at least one problem have been installed more than 2.4...

6.1AI score
Exploits0
NVD
NVD
added 4 days ago9 views

CVE-2026-21054

Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data...

6.9CVSS0.00115EPSS
Exploits0References1
NVD
NVD
added 4 days ago9 views

CVE-2026-21055

Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege...

8.5CVSS0.00121EPSS
Exploits1References1
CVE
CVE
added 4 days ago15 views

CVE-2026-21055

CVE-2026-21055 affects Bixby on Android prior to version 4.0.70.8. The flaw is improper export of Android components , allowing local attackers to execute arbitrary commands with Bixby privilege . The CVSS metrics indicate a HIGH impact (local exploit, no user interaction, high confidentiality/in...

8.5CVSS6.2AI score0.00121EPSS
Exploits1References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42825

Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege...

8.5CVSS6.2AI score0.00121EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-21055

Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege...

8.5CVSS6.2AI score0.00121EPSS
Exploits1References2
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-21055

Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege...

8.5CVSS0.00121EPSS
Exploits1References1
CVE
CVE
added 4 days ago13 views

CVE-2026-21054

The CVE-2026-21054 describes an issue in the InputSharing Android component where improper export of application components before version 2.7.01.4 allows local attackers to access sharing data. Affected software: InputSharing, vulnerable up to but not including 2.7.01.4. Root cause: Android comp...

6.9CVSS5.9AI score0.00115EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42824

Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data...

6.9CVSS5.9AI score0.00115EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-21054

Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data...

6.9CVSS0.00115EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-21054

Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data...

6.9CVSS5.9AI score0.00115EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-57096

Name of the Vulnerable Software and Affected Versions Bixby versions prior to 4.0.70.8 Description Improper export of Android application components allows local attackers to execute arbitrary commands with Bixby privileges. Recommendations Update Bixby to version 4.0.70.8 or later...

8.5CVSS6.3AI score0.00121EPSS
Exploits1References6
NVD
NVD
added 5 days ago10 views

CVE-2026-58378

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...

8.8CVSS0.00242EPSS
Exploits0References2
CVE
CVE
added 5 days ago13 views

CVE-2026-58378

CVE-2026-58378 affects the Allwinner H616 TV Box TV98 where ADB is enabled and exposed on production to the network. The vulnerability can allow an attacker to request ADB authorization and obtain root privileges if the user authorizes access. Public metrics show a high severity (CVSS v3.1/4.0 ba...

8.8CVSS6AI score0.00242EPSS
Exploits0References2
Rows per page
Query Builder