CVE-2026-9888

An use after free flaw was found in the WebView component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=511715166...

CVE-2026-7342

An use after free flaw was found in the WebView component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503889643...

EUVD-2025-24672

Malicious code in bioql PyPI...

EUVD-2023-30130

Malicious code in bioql PyPI...

EUVD-2023-44261

Malicious code in bioql PyPI...

EUVD-2023-30132

Malicious code in bioql PyPI...

CVE-2025-27388

Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens...

OPPO HEALTH APP 安全漏洞

OPPO HEALTH APP is a health mobile app from China's OPPO. A security vulnerability exists in OPPO HEALTH APP, which originates from the introduction of malicious JS code via loading an arbitrary external URL via the WebView component, which may steal user tokens...

CVE-2023-26309

A remote code execution vulnerability in the webview component of OnePlus Store app...

CVE-2023-26311

A remote code execution vulnerability in the webview component of OPPO Store app...

CVE-2024-1609

CVE-2024-1609 affects the OPPOStore iOS App. The root cause is improper input validation that enables privilege escalation. Reported across multiple sources (NVD, Red Hat, CNNVD, CVE listings) with a CVSS v4.0 base score of 8.7 (HIGH): attack vector is NETWORK, privileges required NONE, user inte...

CVE-2024-1609 OPPO Store APP has a WebView component privilege escalation vulnerability.

In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation...

CVE-2024-31974

The com.solarized.firedown aka Solarized FireDown Browser & Downloader application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately...

PT-2024-24328 · Unknown · Com.Solarized.Firedown

Name of the Vulnerable Software and Affected Versions: com.solarized.firedown aka Solarized FireDown Browser & Downloader version 1.0.76 Description: The issue allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. This is possible because...

CVE-2023-49001

An issue in Indi Browser aka kvbrowser v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component...

CVE-2023-49001

An issue in Indi Browser aka kvbrowser v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component...

Design/Logic Flaw

An issue in Indi Browser aka kvbrowser v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component...

Indi Browser Security Vulnerability

Indi Browser is a browser from Indi Browser, Inc. A security vulnerability exists in Indi Browser version v.12.11.23, which stems from a vulnerability that allows an attacker to bypass intended access restrictions by interacting with the com.example.gurry.kvbrowswer.webview component...

PT-2023-31026 · Unknown · Indi Browser

Name of the Vulnerable Software and Affected Versions: Indi Browser aka kvbrowser version 12.11.23 Description: An issue in Indi Browser allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. Recommendations: For version...

Design/Logic Flaw

The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web conte...