CVE-2023-40133

In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2025-201783

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2025-32329

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2025-32329

CVE-2025-32329 affects Android Framework (Session.java). The described issue is a logic error in multiple Session.java functions that can permit viewing images belonging to another user on the device. This leads to local escalation of privilege with no additional execution privileges required and...

CVE-2025-32328

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Google Android 安全漏洞

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a logic error vulnerability that stems from a logic error issue in Session.java, which can be exploited by an attacker to view images of other users on the...

PT-2025-49001

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A flaw exists in the Framework component of Android operating systems due to insufficient protection of service data. Successful exploitation could allow a remote attacker to escalate...

EUVD-2020-26694

Malware in sbrugna...

EUVD-2009-3725

Malware in sbrugna...

EUVD-2023-44741

Malicious code in bioql PyPI...

EUVD-2023-25453

Malicious code in bioql PyPI...

EUVD-2023-44740

Malicious code in bioql PyPI...

CVE-2025-32320

In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CLSA-2025-1754340109 libblockdev: Fix of CVE-2025-6019

CVE-2025-6019: fix local privilege escalation vulnerability by updating libblockdev to prevent mounting of user-provided filesystem images with SUID- root shell...

Tea Dating Advice app has users’ private messages disclosed

A few days after Tea Dating Advice discovered unauthorized access to one of its systems that leaked 72,000 user images, the popular mobile app faced a second issue involving a separate database, as a researcher reported to 404Media that they were able to access private conversations. Tea Dating...

Tea App Breach: Women Only Dating Platform Leaks 72K User Images

The "Tea" app, a new and popular social platform for women, confirmed a major data breach affecting users…...

CVE-2024-7753

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /userimages/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed ...

CVE-2023-21288

In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...

CVE-2020-5532

ilbo App ilbo App for Android prior to version 1.1.8 and ilbo App for iOS prior to version 1.2.01 allows an attacker on the same network segment to bypass authentication and to view the images which were recorded by the other ilbo user's device via unspecified vectors...

CVE-2024-7753

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /userimages/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed ...