Astra Linux – Vulnerability in Firefox and Thunderbird

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could lead to reflected file download attacks that potentially trick users into installing malware. This vulnerability affects Firefox 112, Focu...

Astra Linux – Vulnerability in Chromium

Insecure security user interfaces during downloads in Google Chrome on Android before version 90.0.4430.93 allowed a remote attacker to perform domain spoofing through a crafted HTML page...

Astra Linux – Vulnerability in Linux 5.10

In ioidentitycow of iouring.c, there is a potential way to corrupt memory due to a use after free. This could lead to a local escalation of privileges, as the exploit requires system execution privileges. User interaction is not required for exploitation. Product: Android Versions: Android kernel...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: x86-android-tablets: Fixed errors related to use of pdevs after the free function is called via platformdeviceregister. The x86androidtabletremove function frees the pdevs array; therefore, it should not be used...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: x86-android-tablets: Fixed a problem where the touchscreen function was not working properly on the Chuwi Hi8 when using the Windows BIOS. The handling of touchscreen operations for the Chuwi Hi8 is only necessary...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Binder: Fix for UAF in alloc-vma during race with munmap cmllamas: Cleaned up the forward port from commit 015ac18be7de “Binder: Fix for UAF in alloc-vma during race with munmap” in 5.10 stable. This was necessary in the mainline...

Astra Linux – Vulnerability in Firefox

If multiple instances of resource exhaustion occur at the wrong time, the garbage collector could cause memory corruption and potentially exploitable crashes. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

Astra Linux – Vulnerability in Firefox

When a secure cookie exists in the Firefox cookie jar, an insecure cookie for the same domain could be created. This should have resulted in a silent failure. This could lead to a discrepancy in the expected results when reading from the secure cookie. This vulnerability affects Firefox for Andro...

Astra Linux – Vulnerability in Firefox

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object’s debugger vector. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

Astra Linux – Vulnerability in Firefox

Under specific circumstances, a WebExtension may receive a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This allows directory paths to be accessed on the user’s machine. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

Astra Linux – Vulnerability in Firefox, Thunderbird

After a Garbage Collector compaction, weak maps might have been accessed before they were properly traced. This led to memory corruption and potentially exploitable crashes. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and Thunderbird...

Astra Linux - уязвимость в linux

In hidinputchangeresolutionmultipliers of hid-input.c, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to a local privilege escalation without the need for additional execution privileges. User interaction is not required for exploitation. Product: Android...

Astra Linux – Vulnerability in Firefox

Under certain circumstances, calling the bind function might result in an incorrect realm being set. This could create a vulnerability related to JavaScript-implemented sandboxes, such as SES. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

Astra Linux – Vulnerability in Firefox

Multiple race conditions in the font initialization could have led to memory corruption and the execution of attacker-controlled code. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

Malicious code in metoopro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6e089d4b8b0fe90a96024c1160f198df5ab7ec0b30f1f5765cf81ef4aa640279 Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like...

MAL-2026-3247 Malicious code in metoopro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6e089d4b8b0fe90a96024c1160f198df5ab7ec0b30f1f5765cf81ef4aa640279 Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like...

CVE-2026-7671 CodeWise Tornet Scooter Mobile App TwoFactor excessive authentication

A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. Attacks of...

CVE-2026-23866

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...

CVE-2026-23866

CVE-2026-23866 affects WhatsApp for iOS and Android, in conjunction with Instagram Reels, where incomplete validation of AI-rich response messages could allow a user to trigger processing of media from an arbitrary URL on another user’s device, potentially invoking OS-controlled custom URL scheme...

CVE-2026-23866

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...