EUVD-2026-33800

In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45594

In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-22694 AliasVault is Missing Origin Validation in Android Passkey Credential Provider

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

PT-2026-2917

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...

CVE-2025-32323

CVE-2025-32323: In Shared.java getCallingAppName, input validation allows deceptive permission-popup text to trick users into granting file access. This enables local elevation of privilege, with no additional execution privileges and no user interaction required. Affected: Android framework code...

imo 路径遍历漏洞

imo is free video calling and chatting software. A security vulnerability exists in imo version 2022.11.1051, which stems from a path traversal vulnerability that can force an application to write files to the application's data directory, potentially allowing an attacker to save shared libraries...

Daily Dot News portal hacked by Syrian Electronic Army with phishing attack

Pro-Assad hacker group the Syrian Electronic Army claims to have breached the online news portal "Daily Dot" and deleted an article with a caricature of Syrian President Bashar al-Assad. SEA hackers gave an advance warning to Daily Dot editorial team via twitter, said "Dear @dailydot, please remo...

Skype Android Lockscreen Bypass

Tested with Skype version 3.2.0.6673 released 1st July 2013 on various Android devices Sony Xperia Z, Samsung Galaxy Note 2, Huawei Premia 4G The Skype for Android application appears to have a bug which permits the Android inbuilt lockscreen ie. pattern, PIN, password to be bypassed relatively...