Exploit for Race Condition in Canonical Ubuntu_Linux

Dillu-Analyzer 🛡️ Dillu Analyzer — A web-based universal malwa...

EUVD-2025-13371

Malicious code in bioql PyPI...

Cross-site Scripting (XSS)

mobsf is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization during SVG file handling in the Android APK analysis workflow, which allows malicious scripts to be embedded in the SVG files...

CVE-2025-46335

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...

CVE-2025-46335

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...

CVE-2025-46335

The CVE-2025-46335 entry concerns Mobile Security Framework (MobSF) and describes a Stored Cross-Site Scripting (XSS) vulnerability in MobSF versions up to 4.3.2, arising from improper sanitization of user-supplied SVG files during the Android APK analysis workflow. Affected component: MobSF Andr...

CVE-2025-46335 Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...

CVE-2025-46335 Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of...

GHSA-MWFG-948F-2CC5 Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

Vulnerable MobSF Versions: .svg This file becomes publicly accessible via the web interface at: http://127.0.0.1:8081/download/filename.svg If the SVG contains embedded JavaScript e.g., an XSS payload, accessing this URL via a browser leads to the execution of the script in the context of the Mob...

Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

Vulnerable MobSF Versions: .svg This file becomes publicly accessible via the web interface at: http://127.0.0.1:8081/download/filename.svg If the SVG contains embedded JavaScript e.g., an XSS payload, accessing this URL via a browser leads to the execution of the script in the context of the Mob...

Cross-site Scripting (XSS)

Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Cross-site...

PT-2025-19768 · Mobsf +1 · Mobsf +1

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions up to and including 4.3.2 Description: A Stored Cross-Site Scripting XSS issue has been identified in MobSF. The issue arises from improper sanitization of user-supplied SVG files during the Android AP...

PT-2024-33139 · Unknown · Xiao He Smart

Name of the Vulnerable Software and Affected Versions: XIAO HE Smart version 4.3.1 Description: The issue is related to incorrect access control, allowing attackers to access sensitive information by analyzing the code and data within the APK file. Recommendations: For XIAO HE Smart version 4.3.1...

PT-2024-33144 · Wear Sync · Wear Sync

Name of the Vulnerable Software and Affected Versions: Wear Sync version 1.2.0 Description: The issue is related to incorrect access control in the firmware update and download processes. This allows attackers to access sensitive information by analyzing the code and data within the APK file...

Slicer - Tool To Automate The Boring Process Of APK Recon

A tool to automate the recon process on an APK file. Slicer accepts a path to an extracted APK file and then returns all the activities, receivers, and services which are exported and have null permissions and can be externally provoked. Note : The APK has to be extracted via jadx or apktool...

MobileHackersWeapons - Mobile Hacker's Weapons / A Collection Of Cool Tools Used By Mobile Hackers

A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting Weapons OS | Type | Name | Description ---|---|---|--- All | Analysis | RMS-Runtime-Mobile-Security | Runtime Mobile Security RMS - is a powerful web interface that helps you to manipulate Android and iOS Apps at...

Mobile Application Reverse Engineering: MARA

Mobile Application Reverse engineering and Analysis Framework MARA is a M obile A pplication R everse engineering and A nalysis Framework. It is a tool that puts together commonly used mobile application reverse engineering tools, in order to make the task or reverse engineering and analysis easi...