CVE-2026-44754 Missing caller identification check-in for ODP Data Replication APIs

The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...

New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization

Boston, MA, USA, 21st January 2026, CyberNewsWire...

CVE-2022-26706

An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions...

EUVD-2008-3617

Malware in sbrugna...

EUVD-2007-3468

Malware in sbrugna...

EUVD-2020-26790

Malware in sbrugna...

EUVD-2021-17815

Malware in sbrugna...

EUVD-2007-3915

Malware in sbrugna...

EUVD-2023-48486

Malicious code in bioql PyPI...

EUVD-2023-38260

Malicious code in bioql PyPI...

EUVD-2022-27405

Malicious code in bioql PyPI...

EUVD-2022-31256

Malicious code in bioql PyPI...

EUVD-2023-25487

Malicious code in bioql PyPI...

EUVD-2025-19527

Malicious code in bioql PyPI...

CVE-2025-53186

Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2022-32945

An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods...

CVE-2022-22258

The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege...

CVE-2021-21732

A mobile phone of ZTE is impacted by improper access control vulnerability. Due to improper permission settings, third-party applications can read some files in the proc file system without authorization. Attackers could exploit this vulnerability to obtain sensitive information. This affects Axo...

CVE-2019-9798

On Android systems, Firefox can load a library from APITRACELIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. Note: This issue only affects...

New Research: The State of Web Exposure 2025

Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risks—download...