Lucene search
K

95820 matches found

OSV
OSV
added 5 days ago1 views

PYSEC-2026-2620 matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...

8.7CVSS7AI score0.0178EPSS
Exploits0References5
PyPA
PyPA
added 5 days ago2 views

matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...

8.7CVSS7AI score0.0178EPSS
Exploits0References5Affected Software1
OSV
OSV
added 5 days ago3 views

PYSEC-2026-2796 Out-of-bounds Write in OpenCV

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android...

7.8CVSS7AI score0.00293EPSS
Exploits0References9
OSV
OSV
added 5 days ago1 views

PYSEC-2026-2835 Out-of-bounds Write in OpenCV

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android...

7.8CVSS7AI score0.00293EPSS
Exploits0References9
OSV
OSV
added 5 days ago2 views

PYSEC-2026-2811 Out-of-bounds Write in OpenCV

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android...

7.8CVSS6.2AI score0.00293EPSS
Exploits0References9
PyPA
PyPA
added 5 days ago4 views

Out-of-bounds Write in OpenCV

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android...

7.8CVSS7AI score0.00293EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 5 days ago4 views

Out-of-bounds Write in OpenCV

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android...

7.8CVSS7AI score0.00293EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 5 days ago3 views

Out-of-bounds Write in OpenCV

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android...

7.8CVSS7AI score0.00293EPSS
Exploits0References9Affected Software1
OSV
OSV
added 5 days ago1 views

CVE-2026-15193 AidanPark openclaw-android Android WebView Bridge JsBridge.kt os command injection

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...

4.8CVSS5.7AI score0.00683EPSS
Exploits0References9
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42626

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...

5.3CVSS5.7AI score0.00683EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 5 days ago8 views

CVE-2026-15193 AidanPark openclaw-android Android WebView Bridge JsBridge.kt os command injection

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...

5.3CVSS5.7AI score0.00683EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-15193

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...

5.3CVSS5.5AI score0.00683EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-15193 AidanPark openclaw-android Android WebView Bridge JsBridge.kt os command injection

A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only ...

5.3CVSS0.00683EPSS
Exploits0References7
CVE
CVE
added 5 days ago12 views

CVE-2026-15193

CVE-2026-15193 affects AidanPark openclaw-android up to 0.4.0. The issue resides in Android WebView Bridge's JsBridge.kt (unknown function) and enables OS command injection via local access. Publicly disclosed exploit details exist, and a fix is awaiting acceptance in a pull request. Remediation ...

5.3CVSS5.7AI score0.00683EPSS
Exploits0References7
The Hacker News
The Hacker News
added 5 days ago13 views

Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes

Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back to at least August 2022, according to...

6.1AI score
Exploits0
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42484

Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score0.00202EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42486

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6AI score0.00089EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56834

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends...

7.5CVSS6AI score0.00229EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 5 days ago3 views

SUSE SLED15: jackson-annotations / jackson-core / jackson-databind / etc (SUSE-SU-2026:2801-1)

"The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2801-1 advisory. This update for jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-dataformats- binary...

8.1CVSS6.2AI score0.00695EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56919

An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected...

8.7CVSS6AI score0.00125EPSS
Exploits0References2
Rows per page
Query Builder