Lucene search
+L

714 matches found

GithubExploit
GithubExploit
added 2026/04/22 2:56 p.m.128 views

LLM-and-MCP

Detection and Exploitation of Vulnerabilities in Android Appli...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/21 1:35 a.m.4 views

CVE-2026-39973

Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding apktool d. This is a...

7.1CVSS5.9AI score0.00182EPSS
Exploits1References5Affected Software1
GithubExploit
GithubExploit
added 2026/03/16 5:11 p.m.208 views

Exploit for Race Condition in Canonical Ubuntu_Linux

Dillu-Analyzer 🛡️ Dillu Analyzer — A web-based universal malwa...

9.3CVSS5.8AI score0.99945EPSS
Exploits132
SUSE CVE
SUSE CVE
added 2026/03/04 12:27 a.m.4 views

SUSE CVE-2026-25140

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...

7.5CVSS5.7AI score0.00366EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/02/08 11:37 a.m.156 views

atool

ATOOL - Android Static Analysis & Exploit Scanner v1.0 !Pyth...

5.3AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/02/07 12:24 a.m.4 views

SUSE CVE-2026-25122

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...

5.5CVSS5.2AI score0.00106EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/05 7:23 p.m.5 views

CVE-2026-25122

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...

5.5CVSS5.3AI score0.00106EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/05 7:23 p.m.6 views

CVE-2026-25140

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...

7.5CVSS5.4AI score0.00366EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 3:20 a.m.6 views

GO-2026-4406 apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams in chainguard.dev/apko

apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams in chainguard.dev/apko...

5.5CVSS5.3AI score0.00106EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/04 7:31 p.m.4 views

CVE-2026-24844

melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in...

7.9CVSS5.8AI score0.00176EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/02/04 7:16 p.m.9 views

CVE-2026-25140

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...

7.5CVSS0.00366EPSS
Exploits0References2
NVD
NVD
added 2026/02/04 7:16 p.m.15 views

CVE-2026-25121

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatte...

7.5CVSS0.00369EPSS
Exploits0References2
NVD
NVD
added 2026/02/04 7:16 p.m.11 views

CVE-2026-25122

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...

5.5CVSS0.00106EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/04 7:2 p.m.30 views

CVE-2026-25140 apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...

7.5CVSS0.00366EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/04 7:2 p.m.4 views

CVE-2026-25140 apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...

7.5CVSS5.4AI score0.00366EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/04 7:2 p.m.10 views

EUVD-2026-5381

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...

7.5CVSS5.4AI score0.00366EPSS
Exploits0References2
CVE
CVE
added 2026/02/04 7:2 p.m.20 views

CVE-2026-25140

The CVE-2026-25140 issue affects chainguard.dev/apko: ExpandApk() expands .apk streams without decompression limits, enabling an attacker-controlled APK repository to inflate a small, highly-compressed archive into a large tar stream. This unbounded expansion can exhaust disk space and CPU on the...

7.5CVSS5.4AI score0.00366EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/04 7:2 p.m.6 views

CVE-2026-25121

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatte...

7.5CVSS5.4AI score0.00369EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/04 7:2 p.m.31 views

CVE-2026-25121 apko is vulnerable to path traversal in apko dirFS which allows filesystem writes outside base

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatte...

7.5CVSS0.00369EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/04 7:2 p.m.30 views

CVE-2026-25122 apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...

5.5CVSS0.00106EPSS
Exploits0References2
Rows per page
Query Builder