Lucene search
K

8 matches found

NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-54318

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play Services...

7.1CVSS0.00113EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/23 5:40 p.m.37 views

CVE-2026-54318 Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play Services...

7.1CVSS0.00113EPSS
Exploits1References2
CVE
CVE
added 2026/06/23 5:40 p.m.34 views

CVE-2026-54318

Affected software: Home Assistant Android components. Vulnerability: LocationSensorManager BroadcastReceiver was exported with no permission prior to 2026.5.3, allowing any local app (zero runtime permissions) to broadcast a forged Google Play Services LocationResult to spoof the device’s locatio...

7.1CVSS5.9AI score0.00113EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-51577

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2026.5.3 Description The LocationSensorManager BroadcastReceiver is exported without requiring permissions. This allows any installed application on the device, regardless of its runtime permissions, to send a...

7.1CVSS5.8AI score0.00113EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-39692

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.00078EPSS
Exploits0References1
NVD
NVD
added 2023/07/14 4:15 p.m.28 views

CVE-2023-35692

In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00078EPSS
Exploits0References1
OSV
OSV
added 2023/07/01 12:0 a.m.6 views

PUB-A-275950631

In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7AI score0.00078EPSS
Exploits0References1
OSV
OSV
added 2020/06/11 3:15 p.m.4 views

CVE-2020-0133

In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

7.3CVSS7.2AI score0.00202EPSS
Exploits0References1
Rows per page
Query Builder