PT-2026-29667

Name of the Vulnerable Software and Affected Versions DbGate versions 7.0.0 through 7.1.5 Description DbGate, a cross-platform database manager, contains a stored cross-site scripting XSS issue due to attacker-controlled SVG icon strings being rendered as raw HTML without proper sanitization. In...

EUVD-2023-38267

Malicious code in bioql PyPI...

CVE-2020-3916

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos...

Cross-site Scripting (XSS)

Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Cross-site...

New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks

A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure. The malware is "notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android...

How to add custom app icon in Android Play Store applications

...

CVE-2023-34167

CVE-2023-34167 affects Huawei Desktop on HarmonyOS. The issue is a whitelist emulation vulnerability in Huawei Desktop that enables spoofing of trustlists, allowing malicious third-party apps to hide desktop icons and thereby hinder uninstallation. Effects described across sources include icons b...

CVE-2023-34158

Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled...

CVE-2022-46761

The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons...

HUAWEI EMUI/Magic UI 安全漏洞

Huawei EMUI is a mobile operating system developed based on Android.Huawei HarmonyOS is to provide a full-scenario distributed operating system based on microkernel. A security bypass vulnerability exists in Huawei EMUI and HarmonyOS.The vulnerability is caused due to dynamic hiding and restoring...

About the security content of watchOS 6.2 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

CVE-2020-3916

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos...

CVE-2020-3916

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos...

Design/Logic Flaw

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos...

CVE-2020-3916

Apple fixed CVE-2020-3916 in watchOS 6.2, iOS 13.4 and iPadOS 13.4 by tightening sandbox restrictions. The vulnerability could let an attacker use an alternate app icon to disclose a photo without requiring photo permissions, via the Icons component on Apple Watch/iOS/iPadOS. Reported as an acces...

CVE-2020-3916

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos...

Shopify: Fetching external resources through svg images

Hi, I found the exactly same bug 97501 at https://app.shopify.com/services/partners/apiclients/ when uploading the svg image on app icon. Steps to reproduce it + Make a new app at https://app.shopify.com/services/partners/apiclients + Goto app setting...