CVE-2026-45227

CVE-2026-45227 affects Heym prior to 0.0.21. A sandbox-escape in the custom Python tool executor allows authenticated workflow authors to bypass sandbox restrictions via object-graph introspection. Attackers can use Python introspection to recover the unrestricted import function, import blocked ...

CVE-2025-1395

Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping.This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proces...

CVE-2025-67316

An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser...

CVE-2025-61729 vulnerabilities

Vulnerabilities for packages: goreleaser, kubernetes-csi-driver-hostpath, newrelic-infrastructure-agent, mods, aws-flb-cloudwatch, cert-manager-webhook-pdns, ipfs-cluster, kapp, rancher, tfsec, task, steampipe, nri-elasticsearch, kserve, hello-world-golang, nerdctl, kine, guac, pdfcpu,...

EUVD-2025-28876

Malicious code in bioql PyPI...

CVE-2025-9673

A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The...

CVE-2025-9673

A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The...

CVE-2025-9673 Kakao 헤이카카오 Hey Kakao App com.kakao.i.connect AndroidManifest.xml improper export of android application components

A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The...

PT-2025-35310

Name of the Vulnerable Software and Affected Versions: Kakao Hey Kakao App versions up to 2.17.4 Description: A vulnerability exists in the Kakao Hey Kakao App on Android, affecting an unknown functionality within the AndroidManifest.xml file of the com.kakao.i.connect component. This issue resul...

Kakao Hey Kakao App 安全漏洞

Kakao Hey Kakao App is a messaging app from the South Korean company Kakao. A security vulnerability exists in Kakao Hey Kakao App version 2.17.4 and earlier, which stems from improper component export in the file AndroidManifest.xml and could lead to a local attack...

Malicious code in hey-message-content (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 82160038204459189291779030b0cd92dbe157e779d3b1cae48e25a84053ee9a The OpenSSF Package Analysis project identified 'hey-message-content' @ 8.99.1 npm as malicious. It is considered malicious because: - The packa...

MAL-2025-41244 Malicious code in hey-message-content (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 82160038204459189291779030b0cd92dbe157e779d3b1cae48e25a84053ee9a The OpenSSF Package Analysis project identified 'hey-message-content' @ 8.99.1 npm as malicious. It is considered malicious because: - The packa...

MAL-2025-7996 Malicious code in @hey-amplify/scripts (npm)

The package @hey-amplify/scripts was found to contain malicious code...

Malicious code in @zalastax/nolb-_hey (npm)

The package @zalastax/nolb-hey was found to contain malicious code...

Malicious code in @hey-amplify/scripts (npm)

The package @hey-amplify/scripts was found to contain malicious code...

MAL-2025-10079 Malicious code in @zalastax/nolb-_hey (npm)

The package @zalastax/nolb-hey was found to contain malicious code...

Basecamp: Two click Account Takeover

A vulnerability was discovered in the HEY Email Android application that allowed for a two-click account takeover. Improper handling of incoming deeplinks led to the application's authorization bearer token being sent to an attacker-controlled server if the user could be tricked into clicking a...

Basecamp: Critical Data Breach - Big Data for all domains

The researcher provided an Excel sheet that appeared to be a dump of a breach database. The origin of the data entries in the database was unclear. A small number of valid HEY accounts with enabled 2FA were found, as well as a slightly larger number of other product accounts with valid passwords...

Alarm system cyberattack leaves those in need struggling to call for help

An alarm system company that allows those in need to ask for help at the touch of a button has suffered a cyberattack, causing serious disruption. Tunstall Netherlands says the attack left the control room struggling to receive distress calls from clients on Sunday November 12, 2023. Tunstall,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: newrelic-infrastructure-agent, mc, pulumi-language-dotnet, kubescape, rqlite, pulumi-kubernetes-operator, kubevela, gke-gcloud-auth-plugin, conftest, cosign, oauth2-proxy, prometheus-blackbox-exporter, sigstore-scaffolding, cortex, flux-helm-controller,...