33 matches found
EUVD-2026-36531
A flaw in the onboarding workflow of Naxclow's platform allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can...
CVE-2026-0097
In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-446114623
In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-30796
Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...
PT-2026-41723
Name of the Vulnerable Software and Affected Versions: Summarize versions prior to 0.15.1. Description: A missing authorization issue allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. By using malicious page or...
CVE-2019-2221
In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti...
CVE-2019-2220
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
EUVD-2019-18670
Malware in sbrugna...
EUVD-2019-18656
Malware in sbrugna...
EUVD-2016-7621
Malware in sbrugna...
EUVD-2017-0999
Malware in sbrugna...
EUVD-2017-0846
Malware in sbrugna...
EUVD-2025-13685
Malicious code in bioql PyPI...
EUVD-2021-3573
Malicious code in bioql PyPI...
EUVD-2023-46963
Malicious code in bioql PyPI...
CVE-2025-43976
The com.enflick.android.tn2ndLine application through 24.17.1.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component...
CVE-2024-36064
The NLL com.nll.cb aka ACR Phone application through 0.330-playStore-NoAccessibility-arm8 for Android allows any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.nll.cb.dialer.dialer.DialerActivity component...
CVE-2024-53935
The com.callos14.callscreen.colorphone aka iCall OS17 - Color Phone Flash application through 4.3 for Android enables any application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.callos14.callscreen.colorphone.DialerActivity component...
phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames
Exploit Title: phpMyFAQ v3.2.10 - Unintended File Download Triggered by Embedded Frames; Date: 13 Dec 2024; Exploit Author: George Chen; Vendor Homepage: https://github.com/thorsten/phpMyFAQ/; Software Link: https://github.com/thorsten/phpMyFAQ/; Version: v3.2.10; Tested on: Mac, Win; CVE: CVE-2024-558...
CVE-2024-53933
The com.callerscreen.colorphone.themes.callflash aka Color Call Theme & Call Screen application through 1.0.7 for Android enables any application with no permissions to place phone calls without user interaction by sending a crafted intent via the...