PT-2026-49282

Name of the Vulnerable Software and Affected Versions Rakuten Send Anywhere File Transfer for Android version 23.2.9 Description An issue in the application allows untrusted apps without permissions to force arbitrary file downloads into the app's scoped storage. These files then appear in the...

CVE-2021-46747

Insufficient granularity of access control in ASP AMD Secure Processor may allow an attacker with an untrusted user space application to map sensitive SMN System Management Network apertures leading to a potential escalation of privileges...

CVE-2021-46747

CVE-2021-46747 involves AMD’s Secure Processor (ASP) and is detailed in AMD’s security bulletins. The issue is described as insufficient granularity of access control in the ASP, which could allow an attacker with an untrusted user-space application to map sensitive SMN (System Management Network...

Catch spyware in the act with Windows Webcam Monitoring

You’re working hard late at night, replying to emails and planning the week ahead. Then suddenly, a PDF file requests access to your camera. Why would a PDF need camera access? Cybercriminals often disguise spyware inside seemingly harmless files and programs. An unexpected request for access to...

CVE-2025-12050

The drivers in the tool packages use RTLQUERYREGISTRYDIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde, China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a buffer overflow that can be caused by untrusted user-mode applications when readin...

EUVD-2020-19488

Malware in sbrugna...

EUVD-2023-28808

Malicious code in bioql PyPI...

CVE-2025-26450

In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...

CVE-2025-26450

In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...

CVE-2025-26450

In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...

CVE-2025-26450

CVE-2025-26450 affects Android-related code in onInputEvent of IInputMethodSessionWrapper.java. The issue allows an untrusted app to inject key and motion events to the default IME due to a missing permission check, enabling local privilege escalation with no additional privileges required. User ...

CVE-2025-26450

In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...

PT-2025-36021

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: A flaw exists in IInputMethodSessionWrapper.java within the Android operating system. An untrusted application may inject key and motion events into the default Input Method Editor IME due ...

CVE-2023-24810

Misskey is an open source, decentralized social media platform. Due to insufficient validation of the redirect URL during miauth authentication in Misskey, arbitrary JavaScript can be executed when a user allows the link. All versions below 13.3.1 including 12.x are affected. This has been fixed ...

CVE-2023-21518

Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity...

CVE-2021-0942

The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:sPA.uiAddr = pagetophyspsOSPageArrayData-pagearrayui32PageIndex;With the current PoC this crashes as an OOB read. However, given that the O...

CVE-2023-33071

Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities...

CVE-2023-33071

Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities...

Memory corruption

Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities...