EUVD-2026-27887

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...

CVE-2026-42503

The CVE-2026-42503 issue affects gopls (golang.org/x/tools/gopls). When -listen (or -port) is used without an explicit host, gopls binds to 0.0.0.0, potentially allowing a malicious party on the same network to execute arbitrary code. This is described in the NVD entry and corroborated by multipl...

ROS-20260506-73-0005

A vulnerability in the processdebuginfo function of the GNU Binutils development tool is related to improper cleanup during exception handling. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

PT-2026-38220

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...

Google Android ADB Authentication Bypass Vulnerability

Android is an open source mobile operating system developed by Google, widely used in smartphones, tablets, smart TVs, cars and various IoT devices, providing core capabilities such as application operation, device management, network communication, debugging and security control, etc. Android...

PT-2026-38274

Name of the Vulnerable Software and Affected Versions Flight versions prior to 3.18.1 Description The default error handler Engine:: error writes the full exception message, exception code, and stack trace, including absolute filesystem paths, directly into the HTTP 500 response without debug...

EUVD-2026-27325

The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK all known versions through v3.4.14B does not perform any access control checks on the writemem ioctl 0x89F5 and readmem ioctl 0x89F6 debug handlers, which are compiled into production builds via the unconditionally defined...

CVE-2026-43062

CVE-2026-43062 concerns the Linux kernel Bluetooth L2CAP path, where l2cap_ecred_reconf_rsp() incorrectly casts incoming data to struct l2cap_ecred_conn_rsp instead of struct l2cap_ecred_reconf_rsp. This type confusion causes: (1) the length check to require 8 bytes instead of 2, rejecting valid ...

CVE-2026-22679

Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...

CVE-2026-36355

The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK all known versions through v3.4.14B does not perform any access control checks on the writemem ioctl 0x89F5 and readmem ioctl 0x89F6 debug handlers, which are compiled into production builds via the unconditionally defined...

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

A critical security vulnerability in Weaver Fanwei E-cology, an enterprise office automation OA and collaboration platform, has come under active exploitation in the wild. The vulnerability CVE-2026-22679 , CVSS score: 9.8 relates to a case of unauthenticated remote code execution affecting Weave...

CVE-2026-36355

The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK all known versions through v3.4.14B does not perform any access control checks on the writemem ioctl 0x89F5 and readmem ioctl 0x89F6 debug handlers, which are compiled into production builds via the unconditionally defined...

CVE-2026-36355

The CVE-2026-36355 issue affects the Realtek rtl8192cd Wi‑Fi kernel driver in the rtl819x Jungle SDK (all known versions up to v3.4.14B). The underlying problem is missing access checks on the debug handlers write_mem (ioctl 0x89F5) and read_mem (ioctl 0x89F6), which are compiled into production ...

Realtek rtl819x Jungle SDK 信息泄露漏洞

The Realtek RTL819x Jungle SDK is a driver for wireless local area network chips developed by Realtek Semiconductor. The SDK contains an information leakage vulnerability, which stems from the lack of access control checks in the debug handlers of the writemem and readmem functions within the...

PT-2026-37043

Name of the Vulnerable Software and Affected Versions Realtek rtl819x Jungle SDK versions prior to v3.4.14B Description The rtl8192cd Wi-Fi kernel driver fails to perform access control checks on the write mem ioctl 0x89F5 and read mem ioctl 0x89F6 debug handlers. These handlers are included in...

CVE-2026-36355

The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK all known versions through v3.4.14B does not perform any access control checks on the writemem ioctl 0x89F5 and readmem ioctl 0x89F6 debug handlers, which are compiled into production builds via the unconditionally defined...

CVE-2026-0073

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

Google Android 安全漏洞

Android is an open source mobile operating system developed by Google, widely used in smartphones, tablets, smart TVs, cars and various IoT devices, providing core capabilities such as application operation, device management, network communication, debugging and security control, etc. Android...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Modified the print level of CQE errors. Excessive printing may cause panic in the kernel. Change ibdeverr to ibdeverrratelimited, and adjust the printing level of CQE dumps to debug level...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: flowdissector: Use DEBUGNETWARNONONCE. This issue is easy to reproduce both upstream and in the -stable kernels. Florian Westphal provided the following commit: d1dab4f71d37 “net: add and use skbgethashsymmetricnet". However...