Exploit for Deserialization of Untrusted Data in Google Android

CVE-2024-31317 Deployer !Licensehttps://img.shields.io/bad...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExpandApk function. An attacker can cause excessive resource consumption by providing a specially crafted, highly-compressed .apk stream that decompresses into a large tar...

SAMSUNG Dialer 安全漏洞

Samsung Dialer is a dialer application developed by South Korea’s Samsung Corporation. Versions of the Samsung Dialer prior to SMR Feb-2026 Release 1 contained security vulnerabilities. These vulnerabilities stemmed from improper export of Android application components, potentially allowing loca...

PT-2026-6005

Name of the Vulnerable Software and Affected Versions Android VPU driver versions prior to the February 2026 security patch Description The issue resides within the vpu ioctl function, specifically in the vpu mmap component. A missing bounds check allows for a potential arbitrary address mapping...

Android Tools Comic Book Reader 安全漏洞

Android Tools Comic Book Reader is a comic reading app developed by the Russian company Android Tools. Version 1.0.95 of Android Tools Comic Book Reader contains a security vulnerability. This vulnerability stems from an issue with file import processes, where arbitrary files can be overwritten,...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

GHSA-6P9P-Q6WH-9J89 apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion availability impact. The Split function reads the first tar header,...

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the dirFS filesystem abstraction. An attacker can perform unauthorized filesystem writes outside the intended base directory by supplying a crafted APK package containing malicious directory or symlink entrie...

Pixel Watch Security Bulletin—February 2026Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices Google Devices. For Google devices, security patch levels of 2026-02-01 or later address all issues in this bulletin and all issues in the February 2026 Android Security Bulletin and all...

Android Security Bulletin—February 2026Stay organized with collectionsSave and categorize content based on your preferences.

This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. Security patch levels of 2026-02-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Within 48 hours afte...

Android Automotive OS Update Bulletin—February 2026Stay organized with collectionsSave and categorize content based on your preferences.

The Android Automotive OS AAOS Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2026-02-05 or later from the February 2026 Android Security Bulletin in addition to all issues in th...

Wear OS Security Bulletin—February 2026Stay organized with collectionsSave and categorize content based on your preferences.

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2026-02-05 or later from the February 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage al...

Arsink Spyware Posing as WhatsApp, YouTube, Instagram, TikTok Hits 143 Countries

Another day, another Android malware campaign targeting unsuspecting users worldwide by masquerading as popular apps...

Okara: Detection and Attribution of TLS Man-In-The-Middle Vulnerabilities in Android Apps with Foundation Models

Transport Layer Security TLS is fundamental to secure online communication, yet vulnerabilities in certificate validation that enable Man-in-the-Middle MitM attacks remain a pervasive threat in Android apps. Existing detection tools are hampered by low-coverage UI interaction, costly...

PT-2026-5350

Name of the Vulnerable Software and Affected Versions versions prior to 2026-0007 Description A flaw exists in the writeToParcel function within WindowInfo.cpp that could allow an attacker to trick a user into granting permissions through a tapjacking or overlay attack. This could result in local...

Linux Distros Unpatched Vulnerability : CVE-2025-4086

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog...

Linux Distros Unpatched Vulnerability : CVE-2025-4090

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability was fixed in Firefox...

EUVD-2023-25647

Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule...