org.keycloak.protocol.oidc.endpoints.LogoutEndpoint: Offline Session takeover due to reused Authentication Session ID

A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...

CVE-2025-12390

A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...

CVE-2022-20022

In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. Use...

CVE-2025-21615 AAT allows data exfiltration by other apps installed on the same device

AAT Another Activity Tracker is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device...

NVIDIA GeForce Now Security Vulnerability

NVIDIA GeForce Now NVIDIA GeForce Now,NVIDIA GeForce Now is an open cloud gaming platform from NVIDIA, USA. NVIDIA GeForce A security vulnerability exists in NVIDIA GeForce that stems from a flaw in the game launcher component, where a malicious application on the same device can handle the...

CVE-2023-35675

In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User...

PT-2023-25260 · Google · Android

Name of the Vulnerable Software and Affected Versions: MediaResumeListener.kt affected versions not specified Description: The issue is caused by a logic error in the code of MediaResumeListener.kt, specifically in the loadMediaResumptionControls function. This error allows media files played by...

Aremis 4 Nomad 安全漏洞

Aremis 4 Nomad A4N is an application from Aremis, Inc. A security vulnerability exists in Aremis 4 Nomad version 1.5.0 that stems from passwords being stored in plaintext. An attacker exploiting this vulnerability could retrieve the passwords of other users using the same device...

Nextcloud Android app 安全漏洞

Nextcloud Android app is an Android-based mobile application from Nextcloud Germany for accessing Nextcloud servers. nextcloud news- There is a security vulnerability in Android that allows an attacker to install a malicious application on the same device, which can be exploited by an attacker to...

PT-2018-16563 · Siemens · Simatic Wincc Oa Ui For Android +1

Name of the Vulnerable Software and Affected Versions: SIMATIC WinCC OA UI for Android versions prior to V3.15.10 SIMATIC WinCC OA UI for iOS versions prior to V3.15.10 Description: A security issue has been identified due to insufficient limitation of CONTROL script capabilities, allowing read a...