51 matches found
NULL Pointer Dereference
Overview: cordova-plugin-x-socialsharing is a plugin to share text, images and other files, or a link via the native sharing widget of your device. Android is fully supported, as well as iOS 6 and up. WP8 has somewhat limited support. Affected versions of this package are vulnerable to NULL Pointer...
MAL-2025-17563 Malicious code in cordova-ezar-video-overlay (npm)
The package cordova-ezar-video-overlay was found to contain malicious code...
Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a denial of service
Summary: Node.js is used by IBM Rational® Application Developer for WebSphere® Software as the SDK and runtime for Apache Cordova projects. CVE-2023-6129, CVE-2024-24806, CVE-2023-5678, CVE-2024-22019, CVE-2023-46809, CVE-2024-0727, CVE-2023-6237, CVE-2024-21892 Vulnerability Details...
GHSA-X2PH-QQWM-9CC6 CleverTap Cordova plugin vulnerable to Cross-site Scripting
CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them...
CleverTap Cordova plugin vulnerable to Cross-site Scripting
CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them...
CVE-2023-2507
CVE-2023-2507 affects CleverTap Cordova Plugin (version 2.6.2). The vulnerability arises from improper validation of data from deeplinks, allowing a remote attacker to execute JavaScript in apps opened via a crafted deeplink (XSS/remote code execution-like behavior described in sources). A patch ...
SUSE CVE-2014-3502
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent...
CVE-2021-43849
cordova-plugin-fingerprint-aio is a plugin that provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1, the exported activity de.niklasmerz.cordova.biometric.BiometricActivity can cause the app to crash. This vulnerability occurred...
Design/Logic Flaw
cordova-plugin-fingerprint-aio is a plugin that provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1, the exported activity de.niklasmerz.cordova.biometric.BiometricActivity can cause the app to crash. This vulnerability occurred...
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i
Summary: Vulnerabilities detected in Node.js versions before v14.16.2 that affect the Cordova platform packaged with Rational Developer for i Software. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affected Products|...
Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform Foundation.
Summary: IBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL. Vulnerability Details: CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. ...
Security Bulletin: Multiple vulnerabilities in Node.js affecting Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary: Portions of Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i Modernization Tools, Java edition, and Rational Developer for AIX and Linux. Multiple Node.js vulnerabilities have been discovered that affect the Cordova platform...
Arbitrium-RAT - A Cross-Platform, Fully Undetectable Remote Access Trojan, To Control Android, Windows And Linux
Arbitrium is a cross-platform remote access trojan (RAT), Fully UnDetectable (FUD). It allows you to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding. It gives access to the local networks, you can use the targets as a HTTP proxy and access Router...
CVE-2020-11990
We have resolved a security issue in the camera plugin that could have affected certain Cordova Android applications. An attacker who could install or lead the victim to install a specially crafted or malicious Android application would be able to access pictures taken with the app externally...
Security feature bypass
We have resolved a security issue in the camera plugin that could have affected certain Cordova Android applications. An attacker who could install or lead the victim to install a specially crafted or malicious Android application would be able to access pictures taken with the app externally...
CVE-2020-11990
CVE-2020-11990 affects the Apache Cordova Plugin camera on Android. Vulnerability: when the plugin caches taken images to external storage, any app with READ_EXTERNAL_STORAGE/WRITE_EXTERNAL_STORAGE can access those cached image files, exposing user photos. Root cause: the external storage caching...
Apache Cordova Security Vulnerability
Apache Cordova is a camera plug-in for Android from the Apache Foundation. An access control error vulnerability exists in Cordova Android, which can be exploited by an attacker to gain access to photos taken externally using the application...
Security Bulletin: Multiple vulnerabilities affecting the Cordova platform and IBM SDK Node.js packaged with Rational Software Architect and Rational Software Architect for WebSphere Software
Summary: Multiple vulnerabilities have been discovered that affect the Cordova platform and IBM SDK Node.js packaged with Rational Software Architect and Rational Software Architect for WebSphere software. CVE-2014-3500, CVE-2014-3501, CVE-2014-3502, CVE-2014-5256, CVE-2014-7191, CVE-2014-7192,...