CVE-2026-21023

The vulnerability CVE-2026-21023 affects PackageManagerService prior to SMR Mar-2026 Release 1, enabling local attackers to modify installation restrictions on specific apps. Root cause: insufficient verification of data authenticity in PackageManagerService. Impact per the sources: trivial local...

The vulnerability of the trusted execution environment allows for attacks on the Virtualization-Based Security (VBS) Enclave of Windows operating systems, enabling attackers to increase their privileges.

The vulnerability of the trusted execution environment for Virtualization-Based Security VBS in Windows operating systems is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the trusted execution environment of Virtualization-Based Security (VBS) Enclaves in Windows operating systems allows attackers to circumvent existing security restrictions.

The vulnerability of the trusted execution environment for Virtualization-Based Security VBS in Windows operating systems is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...

Vulnerability of Google Chrome and Microsoft Edge browser installers, allowing attackers to increase their privileges

The vulnerability of Google Chrome and Microsoft Edge browsers is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created link...

The vulnerability of the Dawn component in browsers Google Chrome and Microsoft Edge on Android operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Dawn component in Google Chrome and Microsoft Edge browsers on Android operating systems is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created HTML page from...

The vulnerability of the scanLib.bin library in the microprogramming software for programmable logic controllers AutomationDirect P3-550E allows a intruder to execute arbitrary code or cause a service failure.

The vulnerability of the scanLib.bin library in the microprogramming software for AutomationDirect P3-550E controllers is related to insufficient data authenticity checks. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures...

The vulnerability of Fortinet’s antivirus scanning system for FortiOS operating systems and FortiMail email protection systems allows attackers to bypass security restrictions.

The vulnerability of Fortinet’s antivirus software for FortiOS operating systems and the FortiMail email protection system is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions using MIME content wi...

The vulnerabilities of the microprogramming software for the OPC UA Modicon Communication Module (BMENUA0100) and the X80 advanced RTU Communication Module (BMENOR2200H) allow attackers to cause service interruptions.

The vulnerability of the microprogramming software for the OPC UA Modicon Communication Module BMENUA0100 and the X80 advanced RTU Communication Module BMENOR2200H is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker operating remotely ...

The vulnerability of the implementation of the Safety Builder protocol for Safety Manager controller devices allows a intruder to execute arbitrary code.

The vulnerability of the implementation of the Safety Builder protocol for Safety Manager controllers is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code...

The vulnerability of microprogrammed software in programmable logic controllers such as AXC 1050, AXC 1050 XC, AXC 3050, FC 350 PCI ETH, ILC1x0, ILC1x1, ILC 1x1 GSM/GPRS, ILC 3xx, PC WORX RT BASIC, PC WORX SRT, RFC 430 ETH-IB, RFC 450 ETH-IB, RFC 460R PN 3TX, RFC 460R PN 3TX-S, RFC 470 PN 3TX, RFC 470S PN 3TX, RFC 480S PN 4TX arises from insufficient data authenticity checks. This allows attackers to gain full control over the device.

The vulnerabilities of microprogrammed software in programmable logic controllers such as AXC 1050, AXC 1050 XC, AXC 3050, FC 350 PCI ETH, ILC1x0, ILC1x1, ILC 1x1 GSM/GPRS, ILC 3xx, PC WORX RT BASIC, PC WORX SRT, RFC 430 ETH-IB, RFC 450 ETH-IB, RFC 460R PN 3TX, RFC 460R PN 3TX-S, RFC 470 PN 3TX,...

The vulnerability of the SSH protocol implementation in the cryptographic security tool PuTTY allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the SSH protocol implementation in the cryptography security tool PuTTY is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the mod_remoteip and mod_rewrite modules in the Apache HTTP Server allows a hacker to replace an IP address.

The vulnerability of the modremoteip and modrewrite modules in the Apache HTTP Server is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a remote attacker to perform IP address substitution attacks...