Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002938)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002938 advisory. A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003408)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003408 advisory. In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003067)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003067 advisory. An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003309)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003309 advisory. In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over- read vulnerability. Tenable has extracted the preceding...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001899)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001899 advisory. drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 2013 devices, does not properly initialize certai...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002730)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002730 advisory. An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993. Tenable has extracted the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002175)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002175 advisory. arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 2013 devices, does not prevent...

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control C2 nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times,...

CVE-2026-22694

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

CVE-2026-22694

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

CVE-2026-22694 AliasVault is Missing Origin Validation in Android Passkey Credential Provider

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

CVE-2026-22694 AliasVault is Missing Origin Validation in Android Passkey Credential Provider

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

CVE-2026-22694

Summary (CVE-2026-22694) : AliasVault for Android (versions 0.24.0–0.25.2) contained an incomplete validation flaw in the Android credential provider for passkey requests. Under certain local conditions, a malicious app could obtain a passkey response for a site it was not authorized to access be...

CVE-2026-22694 AliasVault is Missing Origin Validation in Android Passkey Credential Provider

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

EUVD-2026-2679

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

CVE-2025-14317

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. Server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...

CVE-2025-14317

CVE-2025-14317 – Crazy Bubble Tea mobile app : An authenticated attacker can obtain personal information of other users by enumerating a loyaltyGuestId parameter. The server does not verify required permissions to access data. This has been fixed in Android version 915 and iOS version 7.4.1. Affe...

CVE-2025-14317 User Enumeration in Crazy Bubble Tea mobile application

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. Server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...

PT-2026-2853

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. Server does not verify the permissions required to obtain the data. This issue was fixed in version 915 Android and 7.4.1 iOS...

AliasVault 访问控制错误漏洞

AliasVault is an open source password manager from AliasVault. An Access Control Error vulnerability exists in AliasVault 0.25.2 and earlier versions, which stems from incomplete authentication of the calling app's identity, origin, and RP ID in the Android Credential Provider, and could lead to ...