49 matches found

Vulnrichment
added 2026/06/11 9:33 p.m. · 9 views

CVE-2026-45173 Idira Identity Browser Extension: Unauthorized Application Interaction via Origin Validation Failure

Idira Identity Browser Extension Chrome, Firefox, and Edge builds versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote...

CVSS 8.4 · AI score 5.6 · EPSS 0.00161
Exploits 0 · References 1

Vulnrichment
added 2026/04/10 8:52 p.m. · 2 views

CVE-2026-40252 Broken Access Control (IDOR) Leading to Cross-Tenant Application Access in FastGPT

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

CVSS 5.3 · AI score 6 · EPSS 0.00342
Exploits 0 · References 2

ATTACKERKB
added 2026/04/10 8:52 p.m. · 1 views

CVE-2026-40252

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

CVSS 5.3 · AI score 6 · EPSS 0.00342
Exploits 0 · References 3 · Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-6383

Malware in sbrugna...

CVSS 5.5 · AI score 5.6 · EPSS 0.00285
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-48475

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.4 · EPSS 0.00382
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2022-39151

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 7 · EPSS 0.00192
Exploits 0 · References 4

Cvelist
added 2025/09/02 10:11 p.m. · 5 views

CVE-2025-22442

In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...

EPSS 0.00063
Exploits 0 · References 2

RedhatCVE
added 2025/05/22 10:20 a.m. · 4 views

CVE-2019-15354

The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/UlefoneArmor5/UlefoneArmor5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device...

CVSS 5.5 · AI score 6.6 · EPSS 0.00285
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 10:20 a.m. · 8 views

CVE-2019-15341

The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...

CVSS 7.8 · AI score 7.2 · EPSS 0.00332
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 8:10 a.m. · 6 views

CVE-2019-15366

The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the devi...

CVSS 5.5 · AI score 6.6 · EPSS 0.00285
Exploits 0 · References 1

Cvelist
added 2025/03/10 7:11 p.m. · 14 views

CVE-2024-54560

A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, watchOS 11. A malicious app may be able to modify other apps without having App Management permission...

EPSS 0.00222
Exploits 0 · References 4

Positive Technologies
added 2024/04/02 12:0 a.m. · 2 views

PT-2024-19201 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.2.4. Description: The issue allows a remote attacker to bypass permission verification and install apps, although user action is required. Recommendations: For OpenHarmony versions prior to 3.2.4, update to a...

CVSS 7.7 · AI score 7.3 · EPSS 0.00446
Exploits 0 · References 4

Nextcloud
added 2024/01/18 8:42 a.m. · 28 views

All users can reset the allowed apps list for Guest App users

None...

CVSS 4.3 · AI score 4.8 · EPSS 0.00462
Exploits 0 · References 2 · Affected Software 1

NVD
added 2023/10/30 5:15 p.m. · 22 views

CVE-2023-21350

In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

CVSS 5.5 · AI score 5.1 · EPSS 0.00083
Exploits 0 · References 1

CVE
added 2023/10/30 4:56 p.m. · 40 views

CVE-2023-21349

In CVE-2023-21349, the Android Package Manager exposes a side-channel to determine whether an app is installed without query permissions, enabling local information disclosure with no privileges required and no user interaction. Multiple connected sources (NVD entry and Red Hat/CVE pages, CNVD, a...

CVSS 3.3 · AI score 4.4 · EPSS 0.00084
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/10/30 4:56 p.m. · 60 views

CVE-2023-21326

Summary of CVE-2023-21326: This Android vulnerability affects the Package Manager Service and allows a local attacker to determine whether an app is installed without query permissions, via a side-channel information disclosure. The impact is information disclosure (confidentiality) with no user...

CVSS 5.5 · AI score 5.6 · EPSS 0.00088
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/07/27 12:31 a.m. · 15 views

CVE-2023-38608

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.5. An app may be able to access user-sensitive data...

AI score 6 · EPSS 0.00188
Exploits 0 · References 1

CNNVD
added 2023/06/09 12:0 a.m. · 5 views

Yandex Navigator security vulnerability

Yandex Navigator is a car navigation system from the Russian company Yandex for mobile devices running Android, iOS and Windows family of mobile operating systems. A security vulnerability exists in Yandex Navigator version v.6.60, which originates from an elevation of privilege that can be...

CVSS 7.8 · AI score 7.3 · EPSS 0.0036
Exploits 1 · References 2

CNNVD
added 2023/06/09 12:0 a.m. · 4 views

Urbandroid Sleep security vulnerability

Urbandroid Sleep is an app from Urbandroid Inc. which is used to track the sleep of customers. A security vulnerability exists in Urbandroid Sleep version v.20230303 that originates from an unauthorized application causing a persistent denial of service by manipulating the SharedPreference file...

CVSS 5.5 · AI score 5.7 · EPSS 0.00329
Exploits 1 · References 2

CNNVD
added 2023/06/09 12:0 a.m. · 3 views

flightaware security vulnerability

flightaware is a software application. It is used for flight tracking and data processing. A security vulnerability exists in flightaware version v.5.8.0, which originates from an unauthorized application causing a persistent denial of service by manipulating database files...

CVSS 5.5 · AI score 5.7 · EPSS 0.00327
Exploits 1 · References 2