Lucene search
+L

12 matches found

NVD
NVD
added 3 days ago5 views

CVE-2026-42049

jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx inserts the android:versionName value from an AndroidManifest into the generated app/build.gradle Groovy template without proper sanitization when exporting a decompiled APK as an Android Gradle project. A malicious APK can break out of the...

8.4CVSS0.00151EPSS
Exploits0References3
CVE
CVE
added 3 days ago10 views

CVE-2026-42049

CVE-2026-42049 affects jadx (Dex to Java decompiler). Before 1.5.6, exporting a decompiled APK as an Android Gradle project could cause the android:versionName from the manifest to be inserted into the generated app/build.gradle Groovy template without proper sanitization, enabling opening or bui...

8.4CVSS6.2AI score0.00151EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

CVE-2026-42049 jadx: RCE Via Groovy Code Injection in Gradle Export

jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx inserts the android:versionName value from an AndroidManifest into the generated app/build.gradle Groovy template without proper sanitization when exporting a decompiled APK as an Android Gradle project. A malicious APK can break out of the...

8.4CVSS6.2AI score0.00151EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.20 views

PT-2026-51402

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description Multiple SQL injection issues exist in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization...

7.1CVSS6AI score0.00276EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/12/01 12:0 a.m.4 views

GitLab CE/EE 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE that stems from its improper...

5.3CVSS5.7AI score0.01034EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/05/02 6:23 p.m.7 views

Jira: Stored XSS vulnerabilities in Jenkins Jira plugin

A flaw was found in the Jenkins Jira plugin. The Jenkins Jira plugin does not escape the name and description of a Jira Issue and Jira Release Version parameters on views displaying parameters. This issue results in a stored Cross-site scripting XSS vulnerability exploitable by attackers with...

5.4CVSS5.7AI score0.00825EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/04/12 8:15 p.m.6 views

CVE-2022-29041

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6AI score0.00825EPSS
Exploits0References2
Prion
Prion
added 2019/11/14 5:15 p.m.17 views

Design/Logic Flaw

The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000000, versionName=7.0.0.0 that allows other pre-installed apps to...

4.6CVSS7.3AI score0.0031EPSS
Exploits0References1
Prion
Prion
added 2019/11/14 5:15 p.m.20 views

Code injection

The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000000, versionName=7.0.0.0 that allows other pre-installed...

4.6CVSS7.3AI score0.0031EPSS
Exploits0References1
Prion
Prion
added 2019/11/14 5:15 p.m.21 views

Code injection

The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000100, versionName=7.0.1.0 that allows other pre-installed apps...

4.6CVSS7.3AI score0.0031EPSS
Exploits0References1
Prion
Prion
added 2019/11/14 5:15 p.m.11 views

Code injection

The Samsung J5 Android device with a build fingerprint of samsung/on5xeltedx/on5xelte:8.0.0/R16NW/G570YDXU2CRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=6010000, versionName=6.1.0.0 that allows other pre-installed apps t...

4.6CVSS7.3AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2018/12/28 9:29 p.m.4 views

CVE-2018-14992

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/USPhone/ASUSX0081:7.0/NRD90M/USPhone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm versionCode=1510500200, versionName=1.5.0.40171122 has an exposed interface...

5.5CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder