CVE-2019-16681
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. When in physical possession of the device, opening local files is also possible. NOTE: As of...
CVE-2019-12365
The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...
CVE-2019-12370
The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...
CVE-2019-12369
The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...
CVE-2019-12366
The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...
CVE-2024-2300
HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices...
CVE-2025-1629
A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vend...
CVE-2025-1558
Mattermost Mobile Apps versions =2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF...
CVE-2022-27837
A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows an attacker to access the file with system privilege...
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network...
KLA90843 SUI vulnerability in Microsoft Browser
A spoofing vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to spoof the user interface. Original advisories: CVE-2025-62224. Related products: Microsoft-Edge. CVE list: CVE-2025-62224 warning. KB list. Solution: Install necessary updates from the Settings and more...
PT-2026-1836
Name of the Vulnerable Software and Affected Versions: Microsoft Edge for Android (affected versions not specified). Description: The user interface in Microsoft Edge for Android exhibits a misrepresentation of critical information, potentially enabling an authorized attacker to conduct spoofing attac...
Microsoft Edge for Android Security Vulnerability
Microsoft Edge for Android is a browser for Android from Microsoft Corporation, USA. A security vulnerability exists in Microsoft Edge for Android that stems from improper representation of critical information in the user interface, which could lead to a network spoofing attack...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000286)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000286 advisory. In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure wi...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000291)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000291 advisory. In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000279)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000279 advisory. In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000488)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000488 advisory. In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by...
Millions of Android Powered TVs and Streaming Devices Infected by Kimwolf Botnet
Synthient discovers over 2 million Android TV boxes and smart TVs hijacked by the Kimwolf botnet. Learn how hackers are using home devices to launch DDoS attacks and how you can protect your home network...
PT-2026-1549
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 143.0.7499.192. Description: Insufficient policy enforcement in the WebView tag allows a remote attacker to inject scripts or HTML into privileged pages via a crafted Chrome extension. This issue can be exploited ...
Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks
The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. "Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy...