Lucene search
+L

46 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-20297

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the editlocalapps and installapps capabilities could cause a legitimate app...

7.2CVSS0.00381EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44736

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the editlocalapps and installapps capabilities could cause a legitimate app...

7.2CVSS6.1AI score0.00381EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-20297

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the editlocalapps and installapps capabilities could cause a legitimate app...

7.2CVSS6.1AI score0.00381EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2 days ago39 views

CVE-2026-20297 Path Traversal through 'explicit_appname' in the App Install REST Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the editlocalapps and installapps capabilities could cause a legitimate app...

7.2CVSS0.00381EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-60234

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.4.1 Splunk Enterprise versions prior to 10.2.5 Splunk Enterprise versions prior to 10.0.8 Splunk Enterprise versions prior to 9.4.13 Splunk Enterprise versions prior to 9.3.14 Splunk Cloud Platform versio...

7.2CVSS6.1AI score0.00381EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/23 5:40 p.m.40 views

CVE-2026-54318 Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play Services...

7.1CVSS0.00113EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-50207

The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...

8.5CVSS5.4AI score0.00133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/03 10:57 a.m.4 views

CVE-2026-0634

Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection...

7.8CVSS6.4AI score0.00521EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/02 8:48 a.m.1 views

CVE-2026-0634

Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection...

6.4AI score0.00521EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/02 8:48 a.m.1 views

CVE-2026-0634 Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G

Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection...

6.4AI score0.00521EPSS
Exploits0References1
CVE
CVE
added 2026/04/02 8:48 a.m.13 views

CVE-2026-0634

CVE-2026-0634 describes code execution in the AssistFeedbackService on TECNO Pova7 Pro 5G devices running Android. The vulnerability allows local apps to execute arbitrary code as the system user via command injection, as reported across multiple feeds (Red Hat, ENISA/EUVD, NVD, CVE listing). Aff...

7.8CVSS6.4AI score0.00521EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.11 views

TECNO Pova7 Pro 5G 安全漏洞

The TECNO Pova7 Pro 5G is a smartphone from the Chinese company TECNO, capable of supporting 5G communication. The TECNO Pova7 Pro 5G has a security vulnerability, which stems from command injection in the AssistFeedbackService component. This vulnerability may allow local applications to execute...

7.8CVSS6.2AI score0.00521EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.5 views

PT-2026-29698

Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection...

6.4AI score0.00521EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.4 views

CVE-2025-65835

The Cordova plugin cordova-plugin-x-socialsharing SocialSharing-PhoneGap-Plugin for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses...

6.2CVSS6.7AI score0.00243EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:7 a.m.9 views

CVE-2023-38300

A certain software build for the Orbic Maui device Orbic/RC545L/RC545L:10/ORB545LV1.4.2BVZPP/230106:user/release-keys leaks the IMEI and the ICCID to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party...

6.2CVSS6.6AI score0.00184EPSS
Exploits0References1
OSV
OSV
added 2024/10/14 5:15 p.m.4 views

CVE-2024-45741

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" paramete...

5.4CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2024/04/22 3:15 p.m.28 views

CVE-2023-38294

Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...

6.1CVSS6.9AI score0.00173EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/22 12:0 a.m.18 views

CVE-2023-38301

An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...

6.8AI score0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/22 12:0 a.m.7 views

PT-2024-12696 · Motorola +1 · Motorola Moto G Pure +3

Name of the Vulnerable Software and Affected Versions: TCL 30Z affected versions not specified TCL 10L affected versions not specified Motorola Moto G Pure affected versions not specified Motorola Moto G Power affected versions not specified Description: An issue was discovered in a third-party...

7.1CVSS6.5AI score0.00155EPSS
Exploits0References4
CVE
CVE
added 2024/04/22 12:0 a.m.51 views

CVE-2023-38300

CVE-2023-38300 affects the Orbic Maui device (Orbic/RC545L/RC545L:10/ORB545L_V1.4.2_BVZPP/230106:user/release-keys). A high-privilege process leaks non-resettable identifiers by exposing IMEI via persist.sys.verizon_test_plan_imei and ICCID via persist.sys.verizon_test_plan_iccid to system proper...

6.2CVSS6.5AI score0.00184EPSS
Exploits0References1
Rows per page
Query Builder