cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-0460,https://securityvulnerability.io/vulnerability/CVE-2023-0460,Remote code execution in YouTube Android Player API SDK,"The YouTube Embedded SDK version 1.2 is prone to a code execution vulnerability due to improper handling of service bindings. This flaw allows attackers to replace the intended service with a malicious app, enabling arbitrary code execution when the SDK is invoked. An attacker can exploit this by masquerading as the YouTube app and distributing both the malicious app and the SDK to unsuspecting users outside of the Play Store. This vulnerability highlights critical risks associated with service binding and remote code execution in mobile applications.",Google,YouTube Android Player API SDK,7.3,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-03-01T17:15:00.000Z,0