CVE-2026-26227

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...

CVE-2026-26227

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...

CVE-2026-26227

VLC for Android prior to 3.7.0 contains an authentication bypass in the Remote Access Server due to missing rate limiting on the 4‑digit OTP verification. An attacker reachable on the network can repeatedly attempt OTP checks within the OTP validity window, potentially obtaining a valid user_sess...

CVE-2026-26227 VLC for Android < 3.7.0 Remote Access OTP Authentication Bypass

VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...

GO-2026-4410 apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams in chainguard.dev/apko

apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams in chainguard.dev/apko...

CVE-2026-26228

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

CVE-2026-26228

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

CVE-2026-26228

VLC for Android prior to 3.7.0 is affected by a path traversal vulnerability in the Remote Access Server’s GET /download endpoint. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalization or directory containment checks, allo...

CVE-2026-26228 VLC for Android < 3.7.0 Remote Access Path Traversal

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

CVE-2026-26228

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

CVE-2026-26228 VLC for Android < 3.7.0 Remote Access Path Traversal

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories

Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder...

Exploit for CVE-2010-2568

Zero Click Exploits Android, OSX, Linux, Windows, iOS, IoT, S...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the Pub/Sub endpoint. An attacker can cause unauthorized removal of Android devices from management by sending crafted unauthenticated requests. Remediation Upgrade...

CVE-2026-24004

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet...

CVE-2026-24004 Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet...

CVE-2026-24004 Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet...

CVE-2026-24004

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet...

CVE-2026-24004

CVE-2026-24004 affects Fleet open source device management software prior to 4.80.1. The issue is in Android MDM Pub/Sub handling, allowing unauthenticated requests to trigger unenrollment events, potentially removing individual Android devices from Fleet management. Impact is disruption of Andro...

CVE-2026-24004 Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet...