Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
android api vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Fir...
Mozilla Thunderbird
Mozilla Focus
Mozilla Firefox Esr
Mozilla Firefox
8.8
CVSSv3
CVE-2023-29541
Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and M...
Mozilla Thunderbird
Mozilla Focus
Mozilla Firefox Esr
Mozilla Firefox
6.5
CVSSv3
CVE-2023-29548
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Mozilla Thunderbird
Mozilla Focus
Mozilla Firefox Esr
Mozilla Firefox
8.8
CVSSv3
CVE-2023-29550
Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for An...
Mozilla Thunderbird
Mozilla Focus
Mozilla Firefox Esr
Mozilla Firefox
6.5
CVSSv3
CVE-2023-32060
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to sp...
Dhis2 Dhis 2
4.3
CVSSv3
CVE-2023-22813
A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a p...
Westerndigital My Cloud
Westerndigital Sandisk Ibi
Westerndigital My Cloud Home
Westerndigital My Cloud Os 5
9.8
CVSSv3
CVE-2023-21494
Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote malicious users to cause invalid memory access.
Samsung Android 13.0
7.8
CVSSv3
CVE-2023-22429
Android App 'Wolt Delivery: Food and more' version 4.27.2 and previous versions uses hard-coded credentials (API key for an external service), which may allow a local malicious user to obtain the hard-coded API key via reverse-engineering the application binary.
Wolt Wolt Delivery
8.1
CVSSv3
CVE-2022-45636
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows malicious user to unlock model(s) without authorization via arbitrary API requests.
Megafeis Bofei Dbd\\+ 1.4.4
Megafeis Bofei Dbd\\+ 1.4.3
1 Github repository
7.3
CVSSv3
CVE-2023-0460
The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retriev...
Google Youtube Android Player Api
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »