46 matches found
CVE-2026-20297
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the editlocalapps and installapps capabilities could cause a legitimate app...
EUVD-2026-44736
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the editlocalapps and installapps capabilities could cause a legitimate app...
CVE-2026-20297
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the editlocalapps and installapps capabilities could cause a legitimate app...
CVE-2026-20297 Path Traversal through 'explicit_appname' in the App Install REST Endpoint in Splunk Enterprise
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the editlocalapps and installapps capabilities could cause a legitimate app...
PT-2026-60234
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.4.1 Splunk Enterprise versions prior to 10.2.5 Splunk Enterprise versions prior to 10.0.8 Splunk Enterprise versions prior to 9.4.13 Splunk Enterprise versions prior to 9.3.14 Splunk Cloud Platform versio...
CVE-2026-54318 Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play Services...
CVE-2026-50207
The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...
CVE-2026-0634
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection...
CVE-2026-0634
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection...
CVE-2026-0634 Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection...
CVE-2026-0634
CVE-2026-0634 describes code execution in the AssistFeedbackService on TECNO Pova7 Pro 5G devices running Android. The vulnerability allows local apps to execute arbitrary code as the system user via command injection, as reported across multiple feeds (Red Hat, ENISA/EUVD, NVD, CVE listing). Aff...
TECNO Pova7 Pro 5G 安全漏洞
The TECNO Pova7 Pro 5G is a smartphone from the Chinese company TECNO, capable of supporting 5G communication. The TECNO Pova7 Pro 5G has a security vulnerability, which stems from command injection in the AssistFeedbackService component. This vulnerability may allow local applications to execute...
PT-2026-29698
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection...
CVE-2025-65835
The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses...
CVE-2023-38300
A certain software build for the Orbic Maui device Orbic/RC545L/RC545L:10/ORB545LV1.4.2BVZPP/230106:user/release-keys leaks the IMEI and the ICCID to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party...
CVE-2024-45741
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" paramete...
CVE-2023-38294
Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...
CVE-2023-38301
An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...
PT-2024-12696 · Motorola +1 · Motorola Moto G Pure +3
Name of the Vulnerable Software and Affected Versions: TCL 30Z affected versions not specified TCL 10L affected versions not specified Motorola Moto G Pure affected versions not specified Motorola Moto G Power affected versions not specified Description: An issue was discovered in a third-party...
CVE-2023-38300
CVE-2023-38300 affects the Orbic Maui device (Orbic/RC545L/RC545L:10/ORB545L_V1.4.2_BVZPP/230106:user/release-keys). A high-privilege process leaks non-resettable identifiers by exposing IMEI via persist.sys.verizon_test_plan_imei and ICCID via persist.sys.verizon_test_plan_iccid to system proper...