EGate Atom 3x 访问控制错误漏洞

EGate Atom 3x is a portable smart projection device developed by the Indian company EGate. The EGate Atom 3x has a security vulnerability related to access control. This vulnerability stems from the Android debugging bridge service exposing itself without authentication or proper access control o...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from unverified WebView JavaScript Interface, which could allow attackers to inject arbitrary commands and...

PT-2026-31958

OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application context...

SUSE CVE-2026-5902

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. Chromium security severity: Low...

SUSE CVE-2026-5906

Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs

Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit SDK called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same device to bypass Android security sandbox...

Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk

In this article 1. Technical details 2. Disclosure timeline 3. Mitigation and protection guidance 4. References 5. Learn more During routine security research, we identified a severe intent redirection vulnerability in a widely used third-party Android SDK called EngageSDK. This flaw allows apps ...

Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk

In this article 1. Technical details 2. Disclosure timeline 3. Mitigation and protection guidance 4. References 5. Learn more During routine security research, we identified a severe intent redirection vulnerability in a widely used third-party Android SDK called EngageSDK. This flaw allows apps ...

EUVD-2026-20732

Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

EUVD-2026-20726

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. Chromium security severity: Low...

EUVD-2026-20765

ALEAPP Android Logs Events And Protobuf Parser through 3.4.0 contains a path traversal vulnerability in the NQVault.py artifact parser that uses attacker-controlled filenamefrom values from a database directly as the output filename, allowing arbitrary file writes outside the report output...

Linux Distros Unpatched Vulnerability : CVE-2026-5906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a...

Linux Distros Unpatched Vulnerability : CVE-2026-5902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream...

DEBIAN-CVE-2026-5906

Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5902

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5906

Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

DEBIAN-CVE-2026-5902

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. Chromium security severity: Low...

CVE-2026-40027

ALEAPP Android Logs Events And Protobuf Parser through 3.4.0 contains a path traversal vulnerability in the NQVault.py artifact parser that uses attacker-controlled filenamefrom values from a database directly as the output filename, allowing arbitrary file writes outside the report output...

CVE-2026-5902

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5906

Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...