EUVD-2026-29902

Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier...

CVE-2026-21015

Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier...

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

EUVD-2026-29262

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

CVE-2026-28957

CVE-2026-28957 concerns an issue where an app could access camera metadata, addressed by Apple with a fixes in iOS/iPadOS 18.7.9 and 26.5, and visionOS 26.5. Affected software includes iOS and iPadOS releases 18.7.9 and 26.5, plus visionOS 26.5; the underlying cause is improper handling of camera...

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

EUVD-2026-29113

D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection...

Yarbo responds to robot flaws that could mow down their owners

A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords. Security researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him...

CVE-2026-36983

D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection...

D-Link DCS-932L 安全漏洞

The D-Link DCS-932L is a network surveillance camera from D-Link Corporation. It is used for security and monitoring purposes. The D-Link DCS-932L version 2.18.01 has a security vulnerability. This vulnerability stems from improper handling of the parameter LightSensorControl by the function...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

PT-2026-39805

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

PT-2026-39536

Name of the Vulnerable Software and Affected Versions D-Link DCS-935L versions prior to 1.10.01 Description A buffer overflow can be triggered remotely via the HNAP Service. The issue exists in the SetDeviceSettings function within the '/web/cgi-bin/hnap/hnap service' endpoint when manipulating t...

SUSE CVE-2026-43256

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfeisrregupdate vfeisr iterates using MSMVFEIMAGEMASTERSNUM7 as the loop bound and passes the index to vfeisrregupdate. However, vfe-line array is defined with VFELINENUMMAX4:...

CVE-2026-43256

CVE-2026-43256 is a Linux kernel vulnerability in the media subsystem (Qualcomm CAMSS VM) where the vfe_isr_reg_update() function may perform an out-of-bounds access. The code loops with MSM_VFE_IMAGE_MASTERS_NUM(7) but accesses vfe->line[] defined as struct vfe_line lineVFE_LINE_NUM_MAX . Whe...

CVE-2026-43256

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfeisrregupdate vfeisr iterates using MSMVFEIMAGEMASTERSNUM7 as the loop bound and passes the index to vfeisrregupdate. However, vfe-line array is defined with VFELINENUMMAX4:...

PT-2026-37596

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfe isr reg update vfe isr iterates using MSM VFE IMAGE MASTERS NUM7 as the loop bound and passes the index to vfe isr reg update. However, vfe-line array is defined with VFE...

CVE-2025-47405

Memory corruption when processing camera sensor input/output control codes with invalid output buffers...