CVE-2026-45153 Nextcloud: PIN bypass in PassCodeActivity via back button

Nextcloud is an open source content collaboration platform. From version 33.0.0 to before version 33.1.0, after unlocking a locked Android phone the back-button could be used to bypass the Nextcloud Files app PIN. This issue has been patched in version 33.1.0...

CVE-2026-49318

This CVE affects the Infotainment / Digital Round display in the Indian Motorcycle Scout Bobber + Tech 2025 model year. The root cause is an incorrect behavior order during boot: the system uses the presence of Wireless Control Module (WCM) traffic as a proxy for whether an immobilizer is fitted....

CVE-2026-49318

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

EUVD-2026-33296

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

CVE-2025-68708

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation through...

PIN bypass in PassCodeActivity via back button

None...

CVE-2026-28895

The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode...

EUVD-2026-15177

The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode...

CVE-2026-28895

The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode...

CVE-2026-28895

The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode...

CVE-2025-46286

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...

EUVD-2025-206272

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...

CVE-2025-46286

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...

CVE-2025-46286

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...

CVE-2025-46286

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...

CVE-2025-46286

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...

CVE-2020-10570

The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature...

CVE-2022-31461

Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message...

CVE-2022-31459

Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth...

PT-2026-1803

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.2 iPadOS versions prior to 26.2 Description A logic issue exists related to validation. Restoring from a backup may prevent a passcode from being required immediately after Face ID enrollment. Recommendations Update to...