Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the ExtractRelativeToDirectoryAsync path handling in src/libraries/System.Formats.Tar/src/System/Formats/Tar/TarEntry.cs. An attacker can create a tar archive that extracts a symbolic link whose target is a roote...

GHSA-PRXJ-3GCV-CQRH Tesla Fleet Telemetry allows spoofing telemetry for arbitrary vehicles via compromised vehicle credentials

Summary A vulnerability in vehicle authentication allows threat actor with valid client credentials i.e., a private key and certificate from a rooted infotainment system to impersonate arbitrary VINs when authenticating to the telemetry server. Impact The attacker would be able to submit falsifie...

CVE-2021-22336

There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause denial of security services on a rooted device...

CVE-2025-61670

Wasmtime is a runtime for WebAssembly. Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the anyref or externref WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 and all prior versions of Wasmtime are unaffected. If...

EUVD-2025-32904

Wasmtime is a runtime for WebAssembly. Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the anyref or externref WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 and all prior versions of Wasmtime are unaffected. If...

CVE-2025-61670

Wasmtime is a runtime for WebAssembly. Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the anyref or externref WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 and all prior versions of Wasmtime are unaffected. If...

EUVD-2018-13330

Malware in sbrugna...

PT-2025-41158

Name of the Vulnerable Software and Affected Versions Wasmtime versions 37.0.0 through 37.0.1 Description Wasmtime, a runtime for WebAssembly, contains memory leaks within its C/C++ API when utilizing bindings for anyref or externref WebAssembly values. This issue stems from a regression introduc...

EUVD-2025-24940

Malicious code in bioql PyPI...

EUVD-2023-25036

Malicious code in bioql PyPI...

EUVD-2024-50589

Malicious code in bioql PyPI...

PT-2025-39852

Name of the Vulnerable Software and Affected Versions Payeer Android application version 2.5.0 Description An improper access control issue exists in the authentication process for changing the PIN in the Payeer Android application. A local attacker with root access to the device can bypass the P...

CVE-2025-50862

The Lotus Cars Android app com.lotus.carsdomestic.intl 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure...

CVE-2025-50862

The Lotus Cars Android app com.lotus.carsdomestic.intl 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure...

CVE-2025-50862

CVE-2025-50862 affects the Lotus Cars Android app (com.lotus.carsdomestic.intl) v1.2.8. The underlying issue is allowBackup=true in the app manifest, which enables data exfiltration via ADB backup on rooted or debug-enabled devices. Impact per sources indicates potential user data exposure due to...

CVE-2025-50862

The Lotus Cars Android app com.lotus.carsdomestic.intl 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure...

CVE-2025-50862

The Lotus Cars Android app com.lotus.carsdomestic.intl 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure...

PT-2025-33410 · Lotus Cars · Lotus Cars Android App

Name of the Vulnerable Software and Affected Versions: Lotus Cars Android app com.lotus.carsdomestic.intl version 1.2.8 Description: The Lotus Cars Android app allows data exfiltration via ADB backup on rooted or debug-enabled devices due to the allowBackup=true flag being set in its manifest. Th...

CVE-2023-20857

VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode...

CVE-2024-12094

This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information...