PT-2025-49195
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...
EUVD-2025-201337
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...
CVE-2025-32898
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...
CVE-2025-32900
In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5...
CVE-2025-32899
In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP...
CVE-2025-32901
In KDE Connect before 1.33.0 on Android, malicious device IDs sent via broadcast UDP could cause an application crash...
EUVD-2025-201273
An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device...
CVE-2025-63896
An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device...
Newly Sold Albiriox Android Malware Targets Banks and Crypto Holders
Cleafy analysis reveals Albiriox, a new Android Malware-as-a-Service (MaaS) RAT that targets over 400 global banking and crypto apps. Learn how ODF fraud enables full device takeover...
CVE-2025-13876
A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been...
GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing...
JXL 9 Inch Car Android Double Din Player Security Vulnerability
JXL 9 Inch Car Android Double Din Player is an in-car infotainment system from JXL. A security vulnerability exists in JXL 9 Inch Car Android Double Din Player version v12.0, which stems from a Bluetooth HID device that is susceptible to arbitrary keystroke injection attacks...
CVE-2025-63896
Technical details (affected components, versions, exploit specifics) for CVE-2025-63896 are not publicly available in the supplied documents. Monitor for updates from vendors and security feeds.
PT-2025-49137
Name of the Vulnerable Software and Affected Versions: JXL 9 Inch Car Android Double Din Player Android version 12.0. Description: An issue exists in the Bluetooth Human Interface Device (HID) of the affected product that allows attackers to inject arbitrary keystrokes by using a spoofed Bluetooth HID...
Ubuntu 25.10 : Linux kernel vulnerabilities (USN-7906-1)
The remote Ubuntu 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7906-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the...
ch.reportingsoft.birt:birt-runtime-bundle (>=4.19.0 <=4.20.0), cloud.wondrify:coffee-asset-pipeline (>=5.0.10 <=5.1.0-M4) +163 more potentially affected by CVE-2025-66453 via org.mozilla:rhino (=1.8.0)
org.mozilla:rhino MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.mozilla:rhino and may be impacted: - ch.reportingsoft.birt:birt-runtime-bundle =4.19.0, =5.0.10, =5.0.10, =5.0.10, =10.2.1, =8.0.0, =8.0.0, =5.0.6, =5.0.6, =5.0....
CVE-2025-21080
Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege...
CVE-2025-58483
Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store...