Qualcomm Chipsets security vulnerabilities
Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporation. There is a security vulnerability in Qualcomm Chipsets, which stems from concurrent modifications to user-space buffer areas, leading to memory corruption when processing IOCTL requests with mismatched API versions...
PT-2026-45633
Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...
CVE-2026-46091
In the Linux kernel, the following vulnerability has been resolved: media: rc: igorplugusb: heed coherency rules In a control request, the USB request structure can be subject to DMA on some HCs. Hence it must obey the rules for DMA coherency. Allocate it separately...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the igorplugusb driver not following the DMA consistency rules for USB control requests,...
CVE-2026-32915
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause...
OpenClaw security vulnerability
OpenClaw is a command line tool for rights management. A security vulnerability exists in versions of OpenClaw prior to 2026.3.11 that stems from insufficient authorization checking of subagent control requests, resulting in a leaf child agent being able to access the subagent control plane and...
ASUS Business System Control Interface security vulnerability
ASUS Business System Control Interface is a system control interface developed by ASUS, a Chinese company. There is a security vulnerability in the ASUS Business System Control Interface. This vulnerability stems from excessive reading of data, which could allow unauthorized local users to access...
CVE-2025-60419
An issue was discovered in the NDIS Usermode IO driver RtkIOAC60.sys, version 6.0.5600.16348 allowing local authenticated attackers to send a crafted IOCTL request to the driver to cause a denial of service...
EUVD-2025-30983
Malicious code in bioql PyPI...
CVE-2025-47328
Transient DOS while processing power control requests with invalid antenna or stream values...
PT-2025-39284
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: A temporary denial-of-service condition can occur when processing power control requests that contain invalid antenna or stream values. Recommendations: At the moment, there is no information about a...
CVE-2025-52915
K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check if the number of incoming channels exceeds IW_MAX_FREQUENCIES when processing ioctl request...
PT-2024-25159 · Asus · Asus Atszio Driver
Name of the Vulnerable Software and Affected Versions: ASUS ATSZIO Driver version 0.2.1.7 Description: An issue in the component ATSZIO64.sys of the ASUS ATSZIO Driver allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. Recommendations: For versi...
Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver security vulnerability
Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver is a High Definition Audio Driver from Realtek Semiconductor Corp, China. A security vulnerability exists in Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver version v6.0.9549.1, which originates fr...
PT-2024-25162 · Wistron · Tbt Force Power Control
Name of the Vulnerable Software and Affected Versions: Wistron Corporation TBT Force Power Control version 1.0.0.0 Description: An issue in the component Access64.sys allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. Recommendations: For versio...
Schneider Electric Geo SCADA Mobile Information Disclosure Vulnerability
Schneider Electric Geo SCADA Mobile is a mobile extension from Schneider Electric, a French company. It provides real-time remote access to critical SCADA data, allowing system users to monitor performance while "on the go," increasing employee productivity and improving overall system performanc...
CVE-2020-4561
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903...
IBM InfoSphere Metadata Asset Manager Server-Side Request Forgery Vulnerability
IBM InfoSphere Metadata Asset Manager imports, exports, and manages common metadata assets. A server-side request forgery vulnerability exists in IBM InfoSphere Metadata Asset Manager 11.7, which can be exploited by a remote authenticated attacker to submit or control server requests by sending...
CVE-2020-5898
In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash...