Ledger Bitcoin app 安全漏洞

The Ledger Bitcoin app is an open-source application developed by Ledger, which runs on the Ledger hardware wallet. There are security vulnerabilities in the 2.1.0 and 2.1.1 versions of the Ledger Bitcoin app. These vulnerabilities stem from improper handling of miniscripts containing the ‘a’...

CVE-2026-7042

The CVE concerns 666ghj MiroFish REST API Endpoint (up to version 0.1.2). The flaw is in the create_app function located at backend/app/init .py, described as missing authentication. This can enable remote abuse, with a published exploit mentioned in the description. No remediation or patch detai...

EUVD-2025-36692

An issue discovered in Dyson App v6.1.23041-23595 allows unauthenticated attackers to control other users' Dyson IoT devices remotely via MQTT...

EUVD-2021-19772

Malware in sbrugna...

CVE-2025-10721

A vulnerability was determined in Webull Investing & Trading App 11.2.5.63 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml. This manipulation causes improper export of android application components. The attack can only be executed locally. The exploit has been...

CVE-2018-15003

The Coolpad Defiant Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys and the T-Mobile Revvl Plus Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildfnj02-206:user/release-keys Android devices contain a pre-installed platform app with a package name of...

CVE-2019-15332

The Lava Z61 Android device with a build fingerprint of LAVA/Z612GB/Z612GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the device to...

CVE-2023-43993

An issue in smaregiappmarket mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

CVE-2023-38909

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function...

One sticker could have exposed your Telegram secret chats

By Waqas The flaw originated in the way the Telegram app handled animated stickers and how the secret chat functionality operated. This is a post from HackRead.com Read the original post: One sticker could have exposed your Telegram secret chats...

CVE-2020-13891

An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022...

Zoom Caught in Cybersecurity Debate — Here's Everything You Need To Know

Over the past few weeks, the use of Zoom video conferencing software has exploded ever since it emerged the platform of choice to host everything from cabinet meetings to yoga classes amidst the ongoing coronavirus outbreak and work from home became the new normal. The app has skyrocketed to 200...

Here's How Hackers Could Have Spied On Your DJI Drone Account

Cybersecurity researchers at Check Point today revealed details of a potential dangerous vulnerability in DJI Drone web app that could have allowed attackers access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos tak...

A week in security (October 22 – 28)

Last week on Malwarebytes Labs, we took a look at some new Mac malware, gave you a roundup of 2018 exploit kits, and dispensed some advice on sextortion scams. We also looked at the Cathay Pacific breach, groaned at the revival of an old browser trick, and explained how voting machines and...

Xiaofeng Air Ching App for Android has an overstepping loophole

Ltd. developed with the work of the Xiao Feng Air Dorothy system APP, mainly used to monitor the indoor air quality and Xiao Feng Air Dorothy internal and external machine running status, monitoring items including PM2.5, formaldehyde, oxygen, temperature and humidity, and can be through the APP...

Google News and Weather application for Android security bypass vulnerability

Google News and Weather application for Android is a mobile application for the Android operating system based on the American company Google Google. The program supports pushing news and weather forecasts, etc. A security vulnerability exists in the Google News and Weather application for Androi...